FYI from curl list.
Ilmari
-------- Forwarded Message --------
Subject: Re: LibreOffice uses SChannel and SecureTransport, please don't
remove them
Date: Wed, 15 Jan 2025 08:26:27 +0100 (CET)
From: Daniel Stenberg <dan...@haxx.se>
To: Ilmari Lauhakangas via curl-library <curl-libr...@lists.haxx.se>
CC: Ilmari Lauhakangas <ilmari.lauhakan...@libreoffice.org>
On Tue, 14 Jan 2025, Ilmari Lauhakangas via curl-library wrote:
The main advantage is that users can use the OS UI to add self-signed
certificates and then presumably they work automatically with LibreOffice.
At the moment we don't know, if this could be pulled off with OpenSSL as
well.
Forgive me, but this just says you use SecureTransport today and you
don't even know if you can switch over to OpenSSL without losing
functionality. That's a pretty weak argument if you ask me.
But I can help you out and say that OpenSSL does not natively support
accessing the Apple OSes native certificate store. There needs to be
code added for this. We can add that code in the backend code in curl,
but someone needs to do it.
wolfSSL is a TLS library that already has this support built-in [1].
[1] =
https://www.wolfssl.com/wolfssl-extends-support-for-system-ca-certificates-to-apple-devices/
