mirror of
https://github.com/curl/curl.git
synced 2026-07-16 08:17:16 +03:00
openssl: Don't ignore CA paths when using Windows CA store (redux)
.. and remove 'experimental' designation from CURLSSLOPT_NATIVE_CA. This commit restores the behavior of CURLSSLOPT_NATIVE_CA so that it does not override CURLOPT_CAINFO / CURLOPT_CAPATH, or the hardcoded default locations. Instead the native Windows CA store can be used at the same time. --- This behavior was originally added over two years ago inabbc5d60(#5585) but then83393b1a(#7892) broke it over a year ago, I assume inadvertently. The CURLSSLOPT_NATIVE_CA feature was marked experimental and likely rarely used. Ref: https://github.com/curl/curl/pull/5585 Ref: https://github.com/curl/curl/pull/7892 Ref: https://curl.se/mail/lib-2023-01/0019.html Closes https://github.com/curl/curl/pull/10244
This commit is contained in:
parent
6113dec2a8
commit
c4cd0e2be9
4 changed files with 45 additions and 22 deletions
|
|
@ -20,6 +20,5 @@ Experimental support in curl means:
|
|||
|
||||
- The Hyper HTTP backend
|
||||
- HTTP/3 support and options
|
||||
- `CURLSSLOPT_NATIVE_CA` (No configure option, feature built in when supported)
|
||||
- The rustls backend
|
||||
- WebSocket
|
||||
|
|
|
|||
|
|
@ -60,6 +60,12 @@ offline distribution points for those SSL backends where such behavior is
|
|||
present. This option is only supported for Schannel (the native Windows SSL
|
||||
library). If combined with \fICURLSSLOPT_NO_REVOKE\fP, the latter takes
|
||||
precedence. (Added in 7.70.0)
|
||||
.IP CURLSSLOPT_NATIVE_CA
|
||||
Tell libcurl to use the operating system's native CA store for certificate
|
||||
verification. Works only on Windows when built to use OpenSSL. If you set this
|
||||
option and also set a CA certificate file or directory then during verification
|
||||
those certificates are searched in addition to the native CA store.
|
||||
(Added in 7.71.0)
|
||||
.IP CURLSSLOPT_AUTO_CLIENT_CERT
|
||||
Tell libcurl to automatically locate and use a client certificate for
|
||||
authentication, when requested by the server. This option is only supported
|
||||
|
|
|
|||
|
|
@ -61,8 +61,9 @@ library). If combined with \fICURLSSLOPT_NO_REVOKE\fP, the latter takes
|
|||
precedence. (Added in 7.70.0)
|
||||
.IP CURLSSLOPT_NATIVE_CA
|
||||
Tell libcurl to use the operating system's native CA store for certificate
|
||||
verification. Works only on Windows when built to use OpenSSL. This option is
|
||||
experimental and behavior is subject to change.
|
||||
verification. Works only on Windows when built to use OpenSSL. If you set this
|
||||
option and also set a CA certificate file or directory then during verification
|
||||
those certificates are searched in addition to the native CA store.
|
||||
(Added in 7.71.0)
|
||||
.IP CURLSSLOPT_AUTO_CLIENT_CERT
|
||||
Tell libcurl to automatically locate and use a client certificate for
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue