On 20 Jun 2025, at 20:43, Ivan Zhakov <i...@apache.org> wrote: > I didn't look at the patch yet, but I have general concern: serf doesn't > depend on OpenSSL. E.g. it may use Crypto API on Windows in future. So I > think we should avoid exposing OpenSSL in public serf API. Is it possible > to abstract URI somehow? Maybe some kind of flag?
We aren't exposing any openssl specific API. URIs have been standardised ages ago, OpenSSL caught up to this with OpenSSL3, now it's our turn to catch up. https://www.rfc-editor.org/rfc/rfc7512.txt https://datatracker.ietf.org/doc/html/rfc8089 Where not standardised in an RFC, it would be expected that anyone implementing a Crypto API on windows would follow the same URI scheme already established: https://github.com/Lipovlan/cng-openssl-provider This patch brings the option for Windows users to, right now, today, use their native Windows certificate store. It's time end users had security that was easy to use. Regards, Graham --
