620401f193
After Gmail called out the typo I fixed on
532d89a866, I've decided to paste the
whole man page into Google docs and check what other issues it would
spot.
I know, it sounds silly, but I've just spent the last hour and a half
going over each one of them and fixing everything which was a true
finding and non-controversial.
Closes #17480
1.3 KiB
| c | SPDX-License-Identifier | Long | Help | Protocols | Category | Added | Multi | See-also | Example | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. | curl | ca-native | Load CA certs from the OS | TLS | tls | 8.2.0 | boolean |
|
|
--ca-native
Use the operating system's native CA store for certificate verification.
This option is independent of other CA certificate locations set at run time or build time. Those locations are searched in addition to the native CA store.
This option works with OpenSSL and its forks (LibreSSL, BoringSSL, etc) on Windows. (Added in 7.71.0)
This option works with wolfSSL on Windows, Linux (Debian, Ubuntu, Gentoo, Fedora, RHEL), macOS, Android and iOS. (Added in 8.3.0)
This option works with GnuTLS. (Added in 8.5.0)
This option works with rustls on Windows, macOS, Android and iOS. On Linux it is equivalent to using the Mozilla CA certificate bundle. When used with rustls only the native CA store is consulted, not other locations set at run time or build time. (Added in 8.13.0)
This option currently has no effect for Schannel or Secure Transport. Those are native TLS libraries from Microsoft and Apple, respectively, that by default use the native CA store for verification unless overridden by a CA certificate location setting.