curl/docs/cmdline-opts/proxy-ca-native.md

---
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
Long: proxy-ca-native
Help: Load CA certs from the OS to verify proxy
Protocols: TLS
Category: tls
Added: 8.2.0
Multi: boolean
See-also:
  - cacert
  - capath
  - dump-ca-embed
  - insecure
Example:
  - --proxy-ca-native $URL
---

# `--proxy-ca-native`

Use the CA store from the native operating system to verify the HTTPS proxy.
By default, curl uses a CA store provided in a single file or directory, but
when using this option it interfaces the operating system's own vault.

This option works for curl on Windows when built to use OpenSSL, wolfSSL
(added in 8.3.0) or GnuTLS (added in 8.5.0). When curl on Windows is built to
use Schannel, this feature is implied and curl then only uses the native CA
store.
docs/cmdline: change to .md for cmdline docs - switch all invidual files documenting command line options into .md, as the documentation is now markdown-looking. - made the parser treat 4-space indents as quotes - switch to building the curl.1 manpage using the "mainpage.idx" file, which lists the files to include to generate it, instead of using the previous page-footer/headers. Also, those files are now also .md ones, using the same format. I gave them underscore prefixes to make them sort separately: _NAME.md, _SYNOPSIS.md, _DESCRIPTION.md, _URL.md, _GLOBBING.md, _VARIABLES.md, _OUTPUT.md, _PROTOCOLS.md, _PROGRESS.md, _VERSION.md, _OPTIONS.md, _FILES.md, _ENVIRONMENT.md, _PROXYPREFIX.md, _EXITCODES.md, _BUGS.md, _AUTHORS.md, _WWW.md, _SEEALSO.md - updated test cases accordingly Closes #12751 2024-01-21 06:18:43 +08:00			`---`
curl: add --ca-native and --proxy-ca-native These are two boolean options to ask curl to use the native OS's CA store when verifying TLS servers. For peers and for proxies respectively. They currently only have an effect for curl on Windows when built to use OpenSSL for TLS. Closes #11049 2023-06-04 05:48:37 +08:00			`c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.`
			`SPDX-License-Identifier: curl`
			`Long: proxy-ca-native`
cmdline-opts: shorter help texts In an effort to increase the readability of the "--help all" output on narrow (80 column) terminals. Co-authored-by: Jay Satiro Closes #13169 2024-03-25 17:02:30 +08:00			`Help: Load CA certs from the OS to verify proxy`
curl: add --ca-native and --proxy-ca-native These are two boolean options to ask curl to use the native OS's CA store when verifying TLS servers. For peers and for proxies respectively. They currently only have an effect for curl on Windows when built to use OpenSSL for TLS. Closes #11049 2023-06-04 05:48:37 +08:00			`Protocols: TLS`
			`Category: tls`
			`Added: 8.2.0`
			`Multi: boolean`
docs/cmdline: change to .md for cmdline docs - switch all invidual files documenting command line options into .md, as the documentation is now markdown-looking. - made the parser treat 4-space indents as quotes - switch to building the curl.1 manpage using the "mainpage.idx" file, which lists the files to include to generate it, instead of using the previous page-footer/headers. Also, those files are now also .md ones, using the same format. I gave them underscore prefixes to make them sort separately: _NAME.md, _SYNOPSIS.md, _DESCRIPTION.md, _URL.md, _GLOBBING.md, _VARIABLES.md, _OUTPUT.md, _PROTOCOLS.md, _PROGRESS.md, _VERSION.md, _OPTIONS.md, _FILES.md, _ENVIRONMENT.md, _PROXYPREFIX.md, _EXITCODES.md, _BUGS.md, _AUTHORS.md, _WWW.md, _SEEALSO.md - updated test cases accordingly Closes #12751 2024-01-21 06:18:43 +08:00			`See-also:`
			`- cacert`
			`- capath`
curl: support embedding a CA bundle Add the ability to embed a CA bundle into the curl binary. It is used when no other runtime or build-time option set one. This helps curl-for-win macOS and Linux builds to run standalone, and also helps Windows builds to avoid picking up the CA bundle from an arbitrary (possibly world-writable) location (though this behaviour is not currently disablable). Usage: - cmake: `-DCURL_CA_EMBED=/path/to/curl-ca-bundle.crt` - autotools: `--with-ca-embed=/path/to/curl-ca-bundle.crt` - Makefile.mk: `CURL_CA_EMBED=/path/to/curl-ca-bundle.crt` Also add new command-line option `--dump-ca-embed` to dump the embedded CA bundle to standard output. Closes #14059 2024-06-29 09:30:14 +08:00			`- dump-ca-embed`
docs/cmdline: change to .md for cmdline docs - switch all invidual files documenting command line options into .md, as the documentation is now markdown-looking. - made the parser treat 4-space indents as quotes - switch to building the curl.1 manpage using the "mainpage.idx" file, which lists the files to include to generate it, instead of using the previous page-footer/headers. Also, those files are now also .md ones, using the same format. I gave them underscore prefixes to make them sort separately: _NAME.md, _SYNOPSIS.md, _DESCRIPTION.md, _URL.md, _GLOBBING.md, _VARIABLES.md, _OUTPUT.md, _PROTOCOLS.md, _PROGRESS.md, _VERSION.md, _OPTIONS.md, _FILES.md, _ENVIRONMENT.md, _PROXYPREFIX.md, _EXITCODES.md, _BUGS.md, _AUTHORS.md, _WWW.md, _SEEALSO.md - updated test cases accordingly Closes #12751 2024-01-21 06:18:43 +08:00			`- insecure`
			`Example:`
cmdline-docs: fix `--proxy-ca-native` example + tidy-ups Also: - fix an indentation. - fix capitalized option in comment. Closes #14078 2024-07-02 03:25:33 +08:00			`- --proxy-ca-native $URL`
curl: add --ca-native and --proxy-ca-native These are two boolean options to ask curl to use the native OS's CA store when verifying TLS servers. For peers and for proxies respectively. They currently only have an effect for curl on Windows when built to use OpenSSL for TLS. Closes #11049 2023-06-04 05:48:37 +08:00			`---`
docs/cmdline: change to .md for cmdline docs - switch all invidual files documenting command line options into .md, as the documentation is now markdown-looking. - made the parser treat 4-space indents as quotes - switch to building the curl.1 manpage using the "mainpage.idx" file, which lists the files to include to generate it, instead of using the previous page-footer/headers. Also, those files are now also .md ones, using the same format. I gave them underscore prefixes to make them sort separately: _NAME.md, _SYNOPSIS.md, _DESCRIPTION.md, _URL.md, _GLOBBING.md, _VARIABLES.md, _OUTPUT.md, _PROTOCOLS.md, _PROGRESS.md, _VERSION.md, _OPTIONS.md, _FILES.md, _ENVIRONMENT.md, _PROXYPREFIX.md, _EXITCODES.md, _BUGS.md, _AUTHORS.md, _WWW.md, _SEEALSO.md - updated test cases accordingly Closes #12751 2024-01-21 06:18:43 +08:00
			# `--proxy-ca-native`

cmdline-opts: language cleanups Use imperative mood consistently for the first sentence describing an option. "Set this" instead "tell curl to set" or "this sets..." Plus some extra cleanups and rephrasing. Closes #13106 2024-03-12 17:34:58 +08:00			`Use the CA store from the native operating system to verify the HTTPS proxy.`
			`By default, curl uses a CA store provided in a single file or directory, but`
			`when using this option it interfaces the operating system's own vault.`
curl: add --ca-native and --proxy-ca-native These are two boolean options to ask curl to use the native OS's CA store when verifying TLS servers. For peers and for proxies respectively. They currently only have an effect for curl on Windows when built to use OpenSSL for TLS. Closes #11049 2023-06-04 05:48:37 +08:00
cmdline-opts: update availability for the *-ca-native options Closes #12613 2023-12-31 23:49:54 +08:00			`This option works for curl on Windows when built to use OpenSSL, wolfSSL`
			`(added in 8.3.0) or GnuTLS (added in 8.5.0). When curl on Windows is built to`
			`use Schannel, this feature is implied and curl then only uses the native CA`
			`store.`