When you communicate using HTTPS, FTPS or other TLS-using servers using certificates that are signed by CAs present in the store, you can be sure that the remote server really is the one it claims to be. this way you validate trust sites.
LibCurl have three flavours of TLS Backends.
- Certificate Verification with NSS
- Certificate Verification with OpenSSL
- Certificate Verification with GnuTLS
The three of them are libraries for establish a secure link and validate trust CA Certificates but each library has is own features, pros and cons.
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures.
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
Something very important is that when programming you must select a single library to work with since it is not possible to combine them.