mirror of
https://github.com/curl/curl.git
synced 2026-04-25 04:02:12 +03:00
df1ff17f88
- Align --cacert behaviour with OpenSSL and LibreSSL. This changes the default behavior of Schannel manual certificate verification, which is used when the user provides their own CA certificates for verification, to accept partial chains. In other words, the user may provide an intermediate certificate without having to provide the root CA. Win8/Server2012 widened the PKIX chain traversal API to allow certificate traversal to terminate at an intermediate. This behaviour (terminate at the fist matching intermediate) is the default for LibreSSL and OpenSSL (with OpenSSL allowing control via CURLSSLOPT_NO_PARTIALCHAIN). This change uses the new API if it is available, and also allows the behaviour to revert legacy if CURLSSLOPT_NO_PARTIALCHAIN is present. Closes https://github.com/curl/curl/pull/17418 |
||
|---|---|---|
| .. | ||
| .checksrc | ||
| cipher_suite.c | ||
| cipher_suite.h | ||
| gtls.c | ||
| gtls.h | ||
| hostcheck.c | ||
| hostcheck.h | ||
| keylog.c | ||
| keylog.h | ||
| mbedtls.c | ||
| mbedtls.h | ||
| mbedtls_threadlock.c | ||
| mbedtls_threadlock.h | ||
| openssl.c | ||
| openssl.h | ||
| rustls.c | ||
| rustls.h | ||
| schannel.c | ||
| schannel.h | ||
| schannel_int.h | ||
| schannel_verify.c | ||
| vtls.c | ||
| vtls.h | ||
| vtls_int.h | ||
| vtls_scache.c | ||
| vtls_scache.h | ||
| vtls_spack.c | ||
| vtls_spack.h | ||
| wolfssl.c | ||
| wolfssl.h | ||
| x509asn1.c | ||
| x509asn1.h | ||