On Wed, 7 Apr 2021, Vojtěch Bubník via curl-library wrote:

> since we switched libcurl to use the system provided back-end, self-signed certificates evaluation fails on Windows and OSX.

I'll let you in on a secret: Schannel and Secure Transport are weird beasts and not as easy to get to do what you want as some of the other TLS libraries... That's just my opinion of course.

> it looks as if there is no way to convince the OSX certificate back end to accept such a certificate without bundling it with a signed application. Is it true?

What happens if you add the CA cert to the normal CA bundle and use that? Doesn't that work?

> Why is Darwin back-end refusing the self-signed certificate even if it has
> been marked as trusted in the keychain?

I don't know. Debug and find out?

> Shouldn't libcurl offer a switch to disable revocation check of self-signed
> certificates?

libcurl doesn't know "self-signed". But you can ask it to disable revocation checks with CURLOPT_SSL_OPTIONS's CURLSSLOPT_NO_REVOKE bit.

--

 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://www.wolfssl.com/contact/