Daniel Stenberg wrote, On 2008-08-16 13:03:
> curl is completely independent from browsers, and when installed in
> systems it usually uses the system-wide CA cert bundle. Of course it has
> command line options to allow the user to specify what CA bundle to use
> (or indeed other certs etc).

Daniel, thank you for that observation. It tells me that cURL is designed around the OpenSSL idea that the set of trusted certs is a system-wide set, rather than a per-user set.

Previously, someone criticized NSS, saying that it was designed for use only on single-user systems, a criticism that I dispute. NSS is very much oriented toward each user having his own set of trusted flags. In contrast to NSS, the idea that there is only one system-wide set of trusted certs, and that each user does not have his own set, is a very single-user-system approach.

Perhaps it is most appropriate for cURL to follow the OpenSSL system-wide cert store model when using OpenSSL, and to follow the NSS cert store for each user model when using NSS.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto