systemtruststores / systemtruststores.github.io


Language support: Swift (Foundation) #11

Open chriskilding opened 2 years ago

chriskilding commented 2 years ago

Tracking support for native TLS certificate verification in Swift.

The assumption is that almost all Swift developers use Apple's networking classes either directly (e.g. URLSession from Foundation, or the TCP / UDP classes from Network.framework) or indirectly (wrapped in a Swift library).

Apple platforms

On Apple platforms, Apple's implementations of Foundation / Network / Security are used. These use the native Apple Keychain by default. Easy!

Other platforms

Outside of Apple's platforms, reimplementations of the APIs are used:

Examining the class https://github.com/apple/swift-corelibs-foundation/blob/eec4b26deee34edb7664ddd9c1222492a399d122/Sources/FoundationNetworking/URLSession/libcurl/EasyHandle.swift, we see that libcurl is used to reimplement HTTPS networking.

Windows

The precompiled version of Swift for Windows (the one you download from Swift.org) includes swift-corelibs-foundation. Project maintainers have confirmed that this uses Curl under the hood for HTTPS networking. This version of Curl is built with the Windows Schannel backend. The Swift for Windows toolchain is a single big .exe (over 400MB), so it is likely that this build of Curl is included in the toolchain. Therefore, users of the precompiled Swift for Windows are guaranteed native TLS cert verification out of the box (at least for HTTPS connections).

TODO: confirm whether Curl is built with the Schannel backend by default if you compile swift-corelibs-foundation yourself (rather than downloading the precompiled binary).

Linux

TODO: investigate

Android

TODO: investigate

chriskilding commented 2 years ago

The response to https://github.com/apple/swift-corelibs-foundation/issues/4625 shows that Swift Windows users benefit from Schannel support by default:

URLSession is backed by curl, which is built with native Windows Schannel support. It uses system certificate store.
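The claim under discussion is that a stock URLSession on a given platform verifies server certificates against the system trust store with no extra configuration. The following command-line program is an added example (not code from this issue or from swift-corelibs-foundation) that checks this empirically: it makes one request to a host whose certificate should be rejected and one to a host whose certificate should be accepted, using a plain URLSession with no delegate so that only the platform's default trust evaluation applies. The default target URLs are an assumption (the badssl.com test hosts) and require network access; pass your own test server URLs as arguments instead if you prefer. The program only asserts that the untrusted endpoint produces an error and the trusted one produces an HTTP response; it deliberately does not depend on a specific URLError code, since the error mapping differs between Apple's Foundation and the libcurl-backed reimplementation.

```swift
import Foundation
#if canImport(FoundationNetworking)
import FoundationNetworking  // URLSession lives here on non-Apple platforms (swift-corelibs-foundation)
#endif

/// Outcome of a single HTTPS GET: either the TLS handshake and request succeeded,
/// or the request failed with an error (a certificate rejection looks like the latter).
enum TLSCheck {
    case accepted(statusCode: Int)
    case rejected(Error)
}

/// Perform a GET against `url` with a stock URLSession. No delegate is installed, so the
/// platform's default server-trust evaluation (Keychain, Schannel, or curl's CA bundle) decides.
func probe(_ url: URL, timeout: TimeInterval = 15) -> TLSCheck {
    let config = URLSessionConfiguration.ephemeral
    config.timeoutIntervalForRequest = timeout
    let session = URLSession(configuration: config)
    let done = DispatchSemaphore(value: 0)
    var result: TLSCheck = .rejected(URLError(.unknown))

    let task = session.dataTask(with: url) { _, response, error in
        if let error = error {
            result = .rejected(error)
        } else if let http = response as? HTTPURLResponse {
            result = .accepted(statusCode: http.statusCode)
        }
        done.signal()
    }
    task.resume()
    done.wait()
    session.invalidateAndCancel()  // release the session explicitly; matters on Linux
    return result
}

// Assumed test targets (hypothetical defaults, not from the issue): badssl.com serves a
// deliberately self-signed endpoint and a correctly signed one. Override via arguments
// if you run your own test server:  tlsprobe https://bad.example https://good.example
let args = CommandLine.arguments
let untrusted = URL(string: args.count > 1 ? args[1] : "https://self-signed.badssl.com/")!
let trusted   = URL(string: args.count > 2 ? args[2] : "https://badssl.com/")!

var verificationEnforced = true

// 1. A bad certificate must be rejected. If this request succeeds, verification is off.
switch probe(untrusted) {
case .accepted(let code):
    print("FAIL: \(untrusted) was accepted (HTTP \(code)); TLS verification is NOT enforced")
    verificationEnforced = false
case .rejected(let error):
    print("ok: \(untrusted) rejected: \(error)")
}

// 2. A good certificate must be accepted. If this request fails too, the trust store is
//    probably empty or unreadable (e.g. curl built without a usable CA bundle), which is
//    a different failure mode from "verification disabled" and worth distinguishing.
switch probe(trusted) {
case .accepted(let code):
    print("ok: \(trusted) accepted (HTTP \(code)); system trust store is reachable")
case .rejected(let error):
    print("FAIL: \(trusted) rejected: \(error); trust store may be missing or unreadable")
    verificationEnforced = false
}

exit(verificationEnforced ? 0 : 1)
```

Running this on each platform listed in the issue gives a quick yes/no for "native TLS cert verification out of the box": exit status 0 means the untrusted host was refused and the trusted host was accepted; a rejection of both hosts points at a missing or unreadable trust store rather than at disabled verification, which is the distinction to keep in mind when filling in the Linux and Android TODOs.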