mirror of
https://github.com/curl/curl.git
synced 2026-04-14 23:51:42 +03:00
1730407b74
With the same semantics as Apple SecTrust, in both libcurl and the curl tool, when using non-Schannel TLS backends. In practice it means that it makes TLS work without manually or implicitly configuring a CA bundle `.crt` file, such as `curl-ca-bundle.crt`. To enable: - autotools: `--enable-ca-native` - cmake: `-DCURL_CA_NATIVE=ON` - CPPFLAGS: `-DCURL_CA_NATIVE` When enabled: - enables `CURLSSLOPT_NATIVE_CA` (libcurl) / `--ca-native` and `--proxy-ca-native` (curl tool) options by default. - unsafe search for an on-disk CA bundle gets disabled by default. Equivalent to `--disable-ca-search` with autotools, `-DCURL_DISABLE_CA_SEARCH=ON` with CMake. - build-time detection of CA bundle and CA path gets disabled. As with Apple SecTrust. This was already the default for Windows. - native CA can be disabled at run-time with the `--no-ca-native` and/or `--no-proxy-ca-native` command-line options. Rationale: This build option: - has a repeat and active interest from packagers and users. - helps integrating curl with Windows for those who need this. - it also applies to macOS: #17525 Shipped in curl 8.17.0. - makes it trivial to use custom certs configured on the OS. - frees applications/packagers/users from the task of securely distributing, and keeping up-to-date, a CA bundle. - frees potentially many curl tool from configuring a CA bundle manually to access HTTPS (and other TLS) URLs. This is traditionally difficult on Windows because there is no concept of a universal, protected, non-world-writable, location on the file system to securely store a CA bundle. - allows using modern features regardless of Windows version. Some of these features are not supported with Schannel (e.g. HTTP/3, ECH) on any Windows version. - is necessary for HTTP/3 builds, where bootstrapping a CA bundle is not possible with Schannel, because MultiSSL is not an option, and HTTP/3 is not supported with Schannel. Ref: #16181 (previous attempt) Ref: https://github.com/curl/curl/discussions/9348 Ref: https://github.com/curl/curl/issues/9350 Ref: https://github.com/curl/curl/pull/13111 Ref: https://github.com/microsoft/vcpkg/pull/46459#issuecomment-3162068701 Ref: |
||
|---|---|---|
| .. | ||
| cmdline-opts | ||
| examples | ||
| internals | ||
| libcurl | ||
| tests | ||
| .gitignore | ||
| ALTSVC.md | ||
| BINDINGS.md | ||
| BUG-BOUNTY.md | ||
| BUGS.md | ||
| CIPHERS-TLS12.md | ||
| CIPHERS.md | ||
| CMakeLists.txt | ||
| CODE_OF_CONDUCT.md | ||
| CODE_REVIEW.md | ||
| CONTRIBUTE.md | ||
| curl-config.md | ||
| CURL-DISABLE.md | ||
| CURLDOWN.md | ||
| DEPRECATE.md | ||
| DISTROS.md | ||
| EARLY-RELEASE.md | ||
| ECH.md | ||
| EXPERIMENTAL.md | ||
| FAQ.md | ||
| FEATURES.md | ||
| GOVERNANCE.md | ||
| HELP-US.md | ||
| HISTORY.md | ||
| HSTS.md | ||
| HTTP-COOKIES.md | ||
| HTTP3.md | ||
| HTTPSRR.md | ||
| INFRASTRUCTURE.md | ||
| INSTALL | ||
| INSTALL-CMAKE.md | ||
| INSTALL.md | ||
| INTERNALS.md | ||
| IPFS.md | ||
| KNOWN_BUGS.md | ||
| KNOWN_RISKS.md | ||
| MAIL-ETIQUETTE.md | ||
| Makefile.am | ||
| MANUAL.md | ||
| mk-ca-bundle.md | ||
| options-in-versions | ||
| README.md | ||
| RELEASE-PROCEDURE.md | ||
| ROADMAP.md | ||
| runtests.md | ||
| RUSTLS.md | ||
| SECURITY-ADVISORY.md | ||
| SPONSORS.md | ||
| SSL-PROBLEMS.md | ||
| SSLCERTS.md | ||
| testcurl.md | ||
| THANKS | ||
| THANKS-filter | ||
| TheArtOfHttpScripting.md | ||
| TODO.md | ||
| URL-SYNTAX.md | ||
| VERSIONS.md | ||
| VULN-DISCLOSURE-POLICY.md | ||
| wcurl.md | ||
Documentation
You find a mix of various documentation in this directory and subdirectories, using several different formats. Some of them are not ideal for reading directly in your browser.
If you would rather see the rendered version of the documentation, check out the curl website's documentation section for general curl stuff or the libcurl section for libcurl related documentation.