ca-native.md (1328B)
1 --- 2 c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3 SPDX-License-Identifier: curl 4 Long: ca-native 5 Help: Load CA certs from the OS 6 Protocols: TLS 7 Category: tls 8 Added: 8.2.0 9 Multi: boolean 10 See-also: 11 - cacert 12 - capath 13 - dump-ca-embed 14 - insecure 15 - proxy-ca-native 16 Example: 17 - --ca-native $URL 18 --- 19 20 # `--ca-native` 21 22 Use the operating system's native CA store for certificate verification. 23 24 This option is independent of other CA certificate locations set at run time or 25 build time. Those locations are searched in addition to the native CA store. 26 27 This option works with OpenSSL and its forks (LibreSSL, BoringSSL, etc) on 28 Windows. (Added in 7.71.0) 29 30 This option works with wolfSSL on Windows, Linux (Debian, Ubuntu, Gentoo, 31 Fedora, RHEL), macOS, Android and iOS. (Added in 8.3.0) 32 33 This option works with GnuTLS. (Added in 8.5.0) 34 35 This option works with rustls on Windows, macOS, Android and iOS. On Linux it 36 is equivalent to using the Mozilla CA certificate bundle. When used with rustls 37 _only_ the native CA store is consulted, not other locations set at run time or 38 build time. (Added in 8.13.0) 39 40 This option currently has no effect for Schannel. This is the native TLS 41 library from Microsoft, that by default uses the native CA store for 42 verification unless overridden by a CA certificate location setting.