https://curl.haxx.se/libcurl/c/CURLOPT_CAINFO.html says
%%%%%%%%%% [...] (iOS and macOS) If curl is built against Secure Transport, then this option is supported for backward compatibility with other SSL engines, but it should not be set. If the option is not set, then curl will use the certificates in the system and user Keychain to verify the peer, which is the preferred method of verifying the peer's certificate chain. (Schannel) This option is supported for Schannel in Windows 7 or later but we recommend not using it until Windows 8 since it works better starting then. Added in libcurl 7.60. This option is supported for backward compatibility with other SSL engines; instead it is recommended to use Windows' store of root certificates (the default for Schannel). [..] AVAILABILITY For SSL engines that don't support certificate files the CURLOPT_CAINFO option is ignored. Refer to https://curl.haxx.se/docs/ssl-compared.html %%%%%%%%%%% In the table in https://curl.haxx.se/docs/ssl-compared.html, it has "Uses Certificate/Key Files" as a "no" for Schannel and Secure Transport, and lower down: "For engines that use a database and don't also support files, the CURLOPT_CAINFO option is ignored." If I'm understanding them correctly, these two sources contradict each other, CURLOPT_CAINFO is supported for Schannel and Secure Transport, and it isn't ignored. It isn't the preferred/recommended method for those back-ends, but it is expected to work. Is this correct? Happy to create issue and try a PR if so, and very happy to be corrected before I start to rely on setting CURLOPT_CAINFO for these backends. -- Richard ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
