8a3740bc8e
Add the ability to embed a CA bundle into the curl binary. It is used when no other runtime or build-time option set one. This helps curl-for-win macOS and Linux builds to run standalone, and also helps Windows builds to avoid picking up the CA bundle from an arbitrary (possibly world-writable) location (though this behaviour is not currently disablable). Usage: - cmake: `-DCURL_CA_EMBED=/path/to/curl-ca-bundle.crt` - autotools: `--with-ca-embed=/path/to/curl-ca-bundle.crt` - Makefile.mk: `CURL_CA_EMBED=/path/to/curl-ca-bundle.crt` Also add new command-line option `--dump-ca-embed` to dump the embedded CA bundle to standard output. Closes #14059
30 lines
776 B
Markdown
30 lines
776 B
Markdown
---
|
|
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
SPDX-License-Identifier: curl
|
|
Long: ca-native
|
|
Help: Load CA certs from the OS
|
|
Protocols: TLS
|
|
Category: tls
|
|
Added: 8.2.0
|
|
Multi: boolean
|
|
See-also:
|
|
- cacert
|
|
- capath
|
|
- dump-ca-embed
|
|
- insecure
|
|
Example:
|
|
- --ca-native $URL
|
|
---
|
|
|
|
# `--ca-native`
|
|
|
|
Use the CA store from the native operating system to verify the peer. By
|
|
default, curl otherwise uses a CA store provided in a single file or
|
|
directory, but when using this option it interfaces the operating system's own
|
|
vault.
|
|
|
|
This option works for curl on Windows when built to use OpenSSL, wolfSSL
|
|
(added in 8.3.0) or GnuTLS (added in 8.5.0). When curl on Windows is built to
|
|
use Schannel, this feature is implied and curl then only uses the native CA
|
|
store.
|