On 10/6/2012 5:53 PM, Nick Zitzmann wrote:
> On Oct 6, 2012, at 5:19 PM, Jeff McKay <jeff.mckay_at_comaxis.com> wrote:
>
>> I was able to build 7.27 using ENABLE_WINSSL=yes and getting rid of WITH_SSL. This is a separate
>> question, but I was wondering about the advantage/disadvantage of using Windows SSL instead of
>> openssl - any comments?
> There are two advantages to going native:
> 1. It's one less dependency necessary for deployment (assuming you don't need SSH).
> 2. You don't need a certificate bundle to get trust evaluation to work correctly, since both Schannel and Secure Transport (the other SSL engine added to 7.27) get their certificates directly from the OS.
>
> Marc is correct, though, that neither the Schannel or Secure Transport engines support some of the more advanced features the OpenSSL engine supports, such as client-side certificates and the ability to customize the algorithms. Also, they're new, and they will be a little more stable in the next release.
I tried a quick test of 7.27/WinSSL using my existing application. I
recompiled it using the new import library and headers, and
substituted the new libcurl.dll. No changes to my coding. Initial
results don't look too promising. I basically get the schannel error
"failed to setup extended errors". I've attached the full curl
logging. Since OpenSSL continues to work fine with 7.27 I'm not going
to spend too much time on this, but if anyone has any suggestions about
what the problem might be (perhaps I need to set
some additional curl options?) I would appreciate it.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html