git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-16 01:25:14 +08:00
Code Issues Actions 15 Packages Projects Releases Wiki Activity
abd400a972
curl-curl/docs/cmdline-opts/ca-native.md
Daniel McCarney 8836e65967
docs: add rustls --ca-native & CURLSSLOPT_NATIVE_CA 
The one important caveat is that presently _only_ the native platform
verifier/CAs are consulted when this option is used w/ rustls.

Closes #16848
2025-03-27 22:54:24 +01:00

1.3 KiB
Raw Blame History

c SPDX-License-Identifier Long Help Protocols Category Added Multi See-also Example
Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. curl ca-native Load CA certs from the OS TLS tls 8.2.0 boolean
cacert
capath
dump-ca-embed
insecure
proxy-ca-native
--ca-native $URL

--ca-native

Use the operating system's native CA store for certificate verification.

This option is independent of other CA certificate locations set at run time or build time. Those locations are searched in addition to the native CA store.

This option works with OpenSSL and its forks (LibreSSL, BoringSSL, etc) on Windows. (Added in 7.71.0)

This option works with wolfSSL on Windows, Linux (Debian, Ubuntu, Gentoo, Fedora, RHEL), macOS, Android and iOS. (Added in 8.3.0)

This option works with GnuTLS. (Added in 8.5.0)

This options works with rustls on Windows, macOS, Android and iOS. On Linux it is equivalent to using the Mozilla CA certificate bundle. When used with rustls only the native CA store is consulted, not other locations set at run time or build time. (Added in 8.13.0)

This option currently has no effect for Schannel or Secure Transport. Those are native TLS libraries from Microsoft and Apple, respectively, that by default use the native CA store for verification unless overridden by a CA certificate location setting.