I would like to suggest a feature to make it possible to use the Windows Certificate Store to get trusted CA certificates. I think a nice way to do this would be to add a boolean option to proj.ini to allow the user to set CURLSSLOPT_NATIVE_CA, maybe called native_ca. CURLSSLOPT_NATIVE_CA is part of: CURL_SSL_OPTIONS
The reason we want to do this is because we have a customer that uses Zscaler. Zscaler is network security software that does deep packet inspection by doing a MITM on all ssl handshakes. For applications to be able to work with this setup, they need to trust the Zscaler CA certificate because that is the one they will actually see. In PROJ it is currently only possible to use a file that contains CA certs (curl-ca-bundle.crt); it would be very inconvenient for our customer to have to manually add a certificate here on all machines. On Windows it is also most common for applications to use the Windows Certificate Store, so it would be very nice if PROJ supported this.
I am aware that you can configure the SSL_OPTIONS (which includes the CURLSSLOPT_NATIVE_CA flag) in PROJ (#3936) but we would prefer not to make and maintain our own build of PROJ.
Thank you.
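One way the proposed `native_ca` switch could map onto libcurl's SSL options bitmask, as an added example that is not PROJ's code and not part of the original post. It assumes the key sits in the `[general]` section of proj.ini and accepts on/yes/true; `ssl_options_from_ini` and `EX_SSLOPT_NATIVE_CA` are hypothetical names, the latter carrying the same bit value as libcurl's CURLSSLOPT_NATIVE_CA.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Same bit value that <curl/curl.h> gives CURLSSLOPT_NATIVE_CA; redefined under
   a hypothetical name so the example builds without libcurl installed. */
#define EX_SSLOPT_NATIVE_CA (1L << 4)

/* Case-insensitive check of the first token of v against on/yes/true. */
static int is_truthy(const char *v) {
    static const char *yes[] = {"on", "yes", "true"};
    char buf[8] = {0};
    size_t n = 0;
    while (*v && !isspace((unsigned char)*v) && n < sizeof buf - 1)
        buf[n++] = (char)tolower((unsigned char)*v++);
    for (size_t i = 0; i < 3; i++)
        if (strcmp(buf, yes[i]) == 0) return 1;
    return 0;
}

/* Returns base_opts with the native-CA bit set or cleared according to the
   assumed key native_ca in [general]; other bits in base_opts are preserved. */
long ssl_options_from_ini(const char *ini, long base_opts) {
    int in_general = 0;
    long opts = base_opts;
    while (*ini) {
        char line[256];
        size_t len = strcspn(ini, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, ini, n);
        line[n] = '\0';
        ini += len + (ini[len] == '\n');
        char *p = line + strspn(line, " \t\r");
        if (*p == ';' || *p == '#' || *p == '\0') continue; /* comment or blank */
        if (*p == '[') { in_general = strncmp(p, "[general]", 9) == 0; continue; }
        char *eq = strchr(p, '=');
        if (!in_general || !eq) continue;
        if (strcspn(p, " \t=") != 9 || strncmp(p, "native_ca", 9) != 0) continue;
        if (is_truthy(eq + 1 + strspn(eq + 1, " \t"))) opts |= EX_SSLOPT_NATIVE_CA;
        else opts &= ~EX_SSLOPT_NATIVE_CA; /* an explicit "off" clears the bit */
    }
    return opts;
}

int main(void) {
    /* Constructed sample file; native_ca is the option name proposed in the issue. */
    const char *ini = "[general]\n; ca_bundle_path = /path/to/cabundle.pem\nnative_ca = ON\n";
    /* A real client would hand the result to curl_easy_setopt(h, CURLOPT_SSL_OPTIONS, mask). */
    printf("SSL options mask: 0x%lx\n", ssl_options_from_ini(ini, 0L));
    return 0;
}
```

With the bit set, certificate verification follows the operating system's trust store, so which CAs an application accepts is decided by whoever administers that store.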
You're welcome to provide a pull request implementing your suggestion. Alternatively I could offer my services to do that (cf. https://www.spatialys.com/en/home/)
Robrecht-VS added a commit to Robrecht-VS/PROJ_native_ca that referenced this issue Dec 17, 2024