On December 28 2023, bugreport 12604 was filed in the curl issue tracker. We get a lot issues filed most days so this fact alone was hardly anything out of the ordinary. We read the reports, investigate, ask follow-up questions to see what we can learn and what we need to address.

  • groet@feddit.de
    link
    fedilink
    arrow-up
    7
    arrow-down
    1
    ·
    8 months ago

    Wait so without the option it checks against the system trust store and with the option it does exactly the same (but may also includes an additional CA if that was passed as the argument)?

    This should be a cve. There is a security feature. It does not work as documented. That’s a vulnerability. That should get a cve.

    Wtf apple

  • PlutoniumAcid@lemmy.world
    link
    fedilink
    arrow-up
    3
    ·
    8 months ago

    As usual, Apple arrogantly knowns better than the experts and things their own weird way. Undocumented, even. Bravo…

    • lad@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      It seems to be slightly documented somewhere in the man depths, as was presented in the comments to this blog post.

      Still, this is an exemplary work in obscuring everything the user may need