Skip to content

wolfssl: support loading system CA certificates#11452

Closed
darktohka wants to merge 5 commits intocurl:masterfrom
darktohka:feature/wolfssl-ca-store
Closed

wolfssl: support loading system CA certificates#11452
darktohka wants to merge 5 commits intocurl:masterfrom
darktohka:feature/wolfssl-ca-store

Conversation

@darktohka
Copy link
Contributor

@darktohka darktohka commented Jul 17, 2023

The wolfssl backend currently does not support loading the system CA certificates. However, wolfSSL has built-in support for this functionality.

This PR ensures that system CA certs are loaded when the CURLSSLOPT_NATIVE_CA bit is set.

In case the system CA store cannot be read, the program will continue. If the system CA store was read successfully, but certificates could not be read either from memory or from disk, the program will still continue. This is the same behaviour that the OpenSSL backend exhibits.

@darktohka darktohka force-pushed the feature/wolfssl-ca-store branch from f10757b to fc147ea Compare July 17, 2023 13:54
@bagder bagder added the TLS label Jul 17, 2023
@bagder
Copy link
Member

bagder commented Jul 17, 2023

The wolfSSL function used for this purpose supports many more native CA stores, so maybe this should be reflected in the docs? See wolfSSL/wolfssl#6629

@darktohka
Copy link
Contributor Author

darktohka commented Jul 17, 2023

Mentioning more native CA stores would mean that we'd have to sync the list of supported CA stores with the wolfSSL documentation. Is that okay?

@github-actions github-actions bot added the CI Continuous Integration label Jul 17, 2023
@bagder
Copy link
Member

bagder commented Jul 19, 2023

This PR unfortunately didn't make it into 8.2.0 due to lack of time. It will instead be targeted for 8.3.0 but could use that update in the docs.

@darktohka
Copy link
Contributor Author

darktohka commented Jul 19, 2023

Docs have been updated: eb64b9d

@bagder bagder added the feature-window A merge of this requires an open feature window label Jul 21, 2023
@bagder bagder closed this in 4f9c20d Jul 31, 2023
@bagder
Copy link
Member

bagder commented Jul 31, 2023

Thanks!

@darktohka darktohka deleted the feature/wolfssl-ca-store branch August 1, 2023 12:55
@michael-o michael-o mentioned this pull request Sep 19, 2023
Closed
ptitSeb pushed a commit to wasix-org/curl that referenced this pull request Sep 25, 2023
@darktohka @ptitSeb
wolfssl: support loading system CA certificates
38daefb 
Closes curl#11452
@Megamouse
Copy link

Megamouse commented Sep 25, 2023

Sorry to post on a closed PR, but this does not necessarily compile on msvc unless you build wolfssl with WOLFSSL_SYS_CA_CERTS.
I don't know if that's just some random issue with my build setup or if it's an issue with the ifdefs used in curl/wolfssl.

@bagder
Copy link
Member

bagder commented Sep 25, 2023

If this is an issue, then file an issue. Just commenting here has little effect.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bagder bagder bagder approved these changes

Assignees

No one assigned

Labels

CI Continuous Integration feature-window A merge of this requires an open feature window TLS

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@darktohka @bagder @Megamouse