On 19 September 2013 17:31, Pierre Joye <pierre....@gmail.com> wrote: > On Thu, Sep 19, 2013 at 2:41 PM, Adam Harvey <ahar...@php.net> wrote: >> As for the CA bundle side of things, I wonder if this is one of those >> rare times where an ini setting might make sense, as opposed to actual >> bundling — that would allow distros to point to their packaged bundles >> without needing to patch php-src, and we could provide from-source >> installation instructions easily enough to point to common distro >> locations and the cURL download for users on more exotic OSes (like >> Windows). > > Windows supports that very well, with Curl for example. It can also > uses the OS certificates database. > > For the record here, curl has this setting already: > > http://us2.php.net/manual/en/curl.configuration.php#ini.curl.cainfo > > which is around for quite some time already. > > It could be possible to share it with openssl, but back then I did not > check it out as only curl was concerned.
Is that something cURL provides, or that we do? A (very) cursory Google suggests that OpenSSL doesn't have support for the Windows certificate store natively, so we'd presumably have to patch that up (with a sensible default php.ini setting, if we went that way — "ssl.ca_bundle = win32", or something similar). > One thing I do not remember off hand is if we actually enable cert > validation per default with php's curl. It should be as we discussed > that already many times. We do. I checked before the first e-mail. :) Adam -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php