Re: Connections fail on iOS with Secure Transport

2023-10-03 Thread Daniel Stenberg via curl-library
On Tue, 3 Oct 2023, Andrew Patterson via curl-library wrote:
Trying [redacted]:443...
Connected to [redacted] ([redacted]) port 443 (#0)
ALPN, offering http/1.1
TLSv1.2 (OUT), TLS handshake, Client hello (1):
TLSv1.2 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS handshake, Certificat

Re: Connections fail on iOS with Secure Transport

2023-10-03 Thread Andrew Patterson via curl-library
> > That's odd, because I did not specify anything on iOS (in code or when > > building libcurl); I do on Android, but I have no idea where the system > > certificates are located on iOS. Do I disable that by explicitly setting > > CURLOPT_CAINFO to the empty string? > > Yes, try setting it

Re: Connections fail on iOS with Secure Transport

2023-10-02 Thread Andrew Patterson via curl-library
> > It actually says > >On modern Apple operating systems, curl can be built to use Apple's > SSL/TLS >implementation, Secure Transport, instead of OpenSSL. > > I believe that is still accurate. > That's fair. > > That's odd, because I did not specify anything on iOS (in code or when > >

Re: Connections fail on iOS with Secure Transport

2023-10-02 Thread Daniel Stenberg via curl-library
On Mon, 2 Oct 2023, Andrew Patterson via curl-library wrote: It says in the 'Apple Platforms' section that the modern approach was to use Secure Transport. Should that be updated? It actually says On modern Apple operating systems, curl can be built to use Apple's SSL/TLS implementation,

Re: Connections fail on iOS with Secure Transport

2023-10-02 Thread Andrew Patterson via curl-library
Thanks so much for the replies!
> Unfortunately, silver bullets are rare. Secure Transport does not support TLS 1.3 which also might trigger some issues for you going forward. Apple themselves have given up on Secure Transport and moved on. It is only provided for legacy.
I appreciate t

Re: Connections fail on iOS with Secure Transport

2023-10-02 Thread Daniel Stenberg via curl-library
On Sun, 1 Oct 2023, Andrew Patterson via curl-library wrote: I really thought switching to Secure Transport would be the silver bullet Unfortunately, silver bullets are rare. Secure Transport does not support TLS 1.3 which also might trigger some issues for you going forward. Apple themselv

Re: Connections fail on iOS with Secure Transport

2023-10-02 Thread Ray Satiro via curl-library
On 10/1/2023 12:56 PM, Andrew Patterson via curl-library wrote: We've been using libcurl for years but for a long time we were running with peer validation disabled. I know that's terrible, and it wasn't my decision, but I'm attempting to remedy it now. It took a couple of hours, but I figured

Connections fail on iOS with Secure Transport

2023-10-01 Thread Andrew Patterson via curl-library
Hello! We've been using libcurl for years but for a long time we were running with peer validation disabled. I know that's terrible, and it wasn't my decision, but I'm attempting to remedy it now. It took a couple of hours, but I figured out how to get SSL working correctly with libcurl on Androi