wolfssl: support loading system CA certificates #11452
f10757b to fc147ea
The wolfSSL function used for this purpose supports many more native CA stores, so maybe this should be reflected in the docs? See wolfSSL/wolfssl#6629
Mentioning more native CA stores would mean that we'd have to sync the list of supported CA stores with the wolfSSL documentation. Is that okay?
This PR unfortunately didn't make it into 8.2.0 due to lack of time. It will instead be targeted for 8.3.0 but could use that update in the docs.
Docs have been updated: eb64b9d
Thanks!
Sorry to post on a closed PR, but this does not necessarily compile on MSVC unless you build wolfssl with WOLFSSL_SYS_CA_CERTS.
If this is an issue, then file an issue. Just commenting here has little effect.
The wolfssl backend currently does not support loading the system CA certificates. However, wolfSSL has built-in support for this functionality.
This PR ensures that system CA certs are loaded when the CURLSSLOPT_NATIVE_CA bit is set.
In case the system CA store cannot be read, the program will continue. If the system CA store was read successfully, but certificates could not be read either from memory or from disk, the program will still continue. This is the same behaviour that the OpenSSL backend exhibits.
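
An added example, not part of this PR or of curl's code: a shell helper that classifies `curl --version` output to tell whether a given build uses the wolfSSL backend at or above 8.3.0, the release the thread says this change was targeted for. The function name, status strings and sample version lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not curl project code). Classifies `curl --version` output:
#   supported      wolfSSL backend, libcurl >= 8.3
#   too-old        wolfSSL backend, libcurl < 8.3
#   other-backend  no wolfSSL in the version line
#   unparsable     no "libcurl/X.Y" found
# Assumption: 8.3.0 is the release the thread says the change was targeted for.
# Not visible in this output: whether wolfSSL itself was built with
# WOLFSSL_SYS_CA_CERTS, which a commenter in the thread points to.

native_ca_status() {
    # Only the first line of the version text carries library versions.
    first_line=$(printf '%s\n' "$1" | head -n 1)
    # Extract major.minor from "libcurl/X.Y.Z".
    libver=$(printf '%s\n' "$first_line" |
        sed -n 's|.*libcurl/\([0-9][0-9]*\.[0-9][0-9]*\).*|\1|p')
    if [ -z "$libver" ]; then
        echo unparsable
        return 0
    fi
    case "$first_line" in
        *wolfSSL/*) ;;
        *) echo other-backend; return 0 ;;
    esac
    major=${libver%%.*}
    minor=${libver#*.}
    if [ "$major" -gt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -ge 3 ]; }; then
        echo supported
    else
        echo too-old
    fi
}

# Constructed sample version lines (not captured from real systems).
SAMPLE_NEW='curl 8.4.0 (x86_64-pc-linux-gnu) libcurl/8.4.0 wolfSSL/5.6.3 zlib/1.2.13'
SAMPLE_OLD='curl 8.2.1 (x86_64-pc-linux-gnu) libcurl/8.2.1 wolfSSL/5.6.3 zlib/1.2.13'
SAMPLE_OPENSSL='curl 8.4.0 (x86_64-pc-linux-gnu) libcurl/8.4.0 OpenSSL/3.0.11 zlib/1.2.13'

# Classify the locally installed curl, if there is one.
if command -v curl >/dev/null 2>&1; then
    echo "local curl: $(native_ca_status "$(curl --version 2>/dev/null)")"
fi
```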