On Oct 6, 2012, at 5:19 PM, Jeff McKay <jeff.mckay_at_comaxis.com> wrote:

> I was able to build 7.27 using ENABLE_WINSSL=yes and getting rid of WITH_SSL. This is a separate
> question, but I was wondering about the advantage/disadvantage of using Windows SSL instead of
> openssl - any comments?

There are two advantages to going native:
1. It's one less dependency necessary for deployment (assuming you don't need SSH).
2. You don't need a certificate bundle to get trust evaluation to work correctly, since both Schannel and Secure Transport (the other SSL engine added to 7.27) get their certificates directly from the OS.

Marc is correct, though, that neither the Schannel or Secure Transport engines support some of the more advanced features the OpenSSL engine supports, such as client-side certificates and the ability to customize the algorithms. Also, they're new, and they will be a little more stable in the next release.

Nick Zitzmann
<http://www.chronosnet.com/>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-10-07