Details
-
Improvement
-
Resolution: Fixed
-
Major
-
None
Description
On some platforms (Windows and MacOS) it might be challenging to access recent list of global root certificates, so to streamline default user experience many projects choose to bundle Mozilla certificates in one way or another. C++SDK uses OpenSSL directly, and does not try to discover root CAs from the wrapper's runtime or using OS means (like Windows certificates store), so one of the options would be embed and load certificates, and projects like https://curl.se/docs/caextract.html and https://mkcert.org allow to simplify process.
During the library build, we fetch the current bundle, record metadata (checksum and date), and embed certificates into the C++SDK to load later. Also it is possible to disable bundled certificates with "disable_mozilla_ca_certificates" option.
Attachments
For Gerrit Dashboard: CXXCBC-327 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
191091,4 | Update Couchbase++ to latest version | master | couchbase-python-client | Status: MERGED | +2 | +1 |