
curl-library

Re: Query regarding SSL certificates not about libCurl

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 28 Aug 2014 23:27:33 +0200 (CEST)

On Thu, 28 Aug 2014, Arif Ali Saiyed wrote:

> Is there any simple way of telling libCurl to use host machine's SSL
> certificate store? If it's on Windows point to windows default cert store if
> it's on Mac point to Mac's cert store.

I believe that's what you get if you use the "native" TLS library that comes
with the operating systems: Windows, Mac OS X or Linux distros.

But I'll complicate the issue for you. Why would your application blindly
trust exactly those CAs that the different operating systems trust? Or put
another way, if you don't trust a certain CA on one operating system, why
would you trust it on another?

> 4. multiple browsers on same operating system use the same certificate
> store or all of them have their own certificate store?

IMHO, all applications, and especially browsers, should make sure to only have
certificates for CAs they trust and they should have their own bundle for
that. Thus they need to maintain their own bundle. Also, an application can
very well decide to trust a CA that the operating system vendor doesn't.

> 5. Do I need to worry about nss?

If you want to use libcurl built to use nss, sure.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2014-08-28