mirror of
https://github.com/curl/curl.git
synced 2024-11-27 05:50:21 +08:00
8a3740bc8e
Add the ability to embed a CA bundle into the curl binary. It is used when no other runtime or build-time option set one. This helps curl-for-win macOS and Linux builds to run standalone, and also helps Windows builds to avoid picking up the CA bundle from an arbitrary (possibly world-writable) location (though this behaviour is not currently disablable). Usage: - cmake: `-DCURL_CA_EMBED=/path/to/curl-ca-bundle.crt` - autotools: `--with-ca-embed=/path/to/curl-ca-bundle.crt` - Makefile.mk: `CURL_CA_EMBED=/path/to/curl-ca-bundle.crt` Also add new command-line option `--dump-ca-embed` to dump the embedded CA bundle to standard output. Closes #14059
776 B
776 B
| c | SPDX-License-Identifier | Long | Help | Protocols | Category | Added | Multi | See-also | Example | |||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. | curl | ca-native | Load CA certs from the OS | TLS | tls | 8.2.0 | boolean |
|
|
--ca-native
Use the CA store from the native operating system to verify the peer. By default, curl otherwise uses a CA store provided in a single file or directory, but when using this option it interfaces the operating system's own vault.
This option works for curl on Windows when built to use OpenSSL, wolfSSL (added in 8.3.0) or GnuTLS (added in 8.5.0). When curl on Windows is built to use Schannel, this feature is implied and curl then only uses the native CA store.