cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH] Handle --cacert option on Mac OS X with darwinssl

From: Nick Zitzmann <>
Date: Tue, 22 Apr 2014 17:43:32 -0500

On Apr 20, 2014, at 4:39 PM, Vilmos Nebehaj <> wrote:

> attached a patch which implements --cacert when cURL is compiled with
> darwinssl support (Security Framework on Mac OS X).

I've skimmed over it, and I'm reluctant to include it in the next point release, mainly because this is a huge change to secure code used by millions of people[1], and we've already learned in the past two months how a single line in supposedly secure code can cause a huge security hole (see "goto fail" and Heartbleed).

We ought to consider this for a future release, though. Thanks for the patch.

Nick Zitzmann

[1] seriously, it's a core component of OS X starting in Mavericks

List admin:
Received on 2014-04-23