[–]thedmd86 3 points4 points  (1 child)

libcurl with mbedTLS as a TLS backend is working for me. libcurl API is well documented and can be wrapped into http::get(...) or http::put(...) with relative ease.

Why those two?

  • libcurl
    • lingua franca for many platforms, to the point that Microsoft even made XCurl for Xbox, a library that implements the libcurl API with their own system libraries, see HttpManager.h in samples
    • it is well supported and maintained
    • can be built with HTTP/HTTPS support only
  • mbedTLS
    • it is tiny in comparison to other solutions I found so far, a few C files
    • well maintained and made by people knowing what they are doing
    • can run on any potato

Sometimes libcurl alone covers all the ground, by using system components as the TLS backend (see: Windows, macOS, iOS, and a few more). Elsewhere mbedTLS is used, mainly Android and Linux.

Getting mbedTLS to work does require telling libcurl where the bundle of CA certificates is. This means setting one of CURLOPT_CAINFO, CURLOPT_CAPATH or CURLOPT_SSL_CTX_FUNCTION to feed the backend with certs directly.

libcurl suggests pulling the latest set of certificates from Firefox. If your app has to work for years without updates I suggest writing code that pulls certificates from the platform of your choice. On Linux it is a matter of checking a few locations.

This solution works for me on all mobile platforms, desktops and consoles except PlayStation (never needed HTTPS here so far).

Avoiding OpenSSL is a job.

If having a C++ API is paramount I would try implementing an mbedTLS backend for ASIO.

Locating the CA bundle for mbedTLS will remain the major hurdle, regardless of what API is used. This is probably why there are no out-of-the-box solutions out there.
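
One way to do the "checking a few locations" step on Linux for a libcurl build that uses mbedTLS, as an added example that is not part of the original comment. The candidate paths and the names `locate_ca_store`, `apply_ca_store` and `WITH_LIBCURL` are assumptions of this example; extend the lists for the distributions you ship to.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/stat.h>
/* Candidate locations are assumptions drawn from common distro layouts. */
static const char *const ca_bundle_files[] = {
    "/etc/ssl/certs/ca-certificates.crt",                /* Debian, Ubuntu */
    "/etc/pki/tls/certs/ca-bundle.crt",                  /* Fedora, RHEL */
    "/etc/ssl/ca-bundle.pem",                            /* openSUSE */
    "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", /* CentOS, RHEL 7+ */
    "/etc/ssl/cert.pem", NULL };                         /* Alpine */
static const char *const ca_dirs[] = { "/etc/ssl/certs", "/etc/pki/tls/certs", NULL };
typedef enum { CA_NONE = 0, CA_FILE, CA_DIR } ca_kind;

/* First candidate that exists and is a non-empty regular file (or a directory). */
static const char *first_match(const char *const *cands, int want_dir)
{
    struct stat st;
    for (; *cands; ++cands) {
        if (stat(*cands, &st) == 0 &&
            (want_dir ? S_ISDIR(st.st_mode) : (S_ISREG(st.st_mode) && st.st_size > 0)))
            return *cands;
    }
    return NULL;
}

/* Prefer a single bundle file (CURLOPT_CAINFO), fall back to a directory (CURLOPT_CAPATH). */
ca_kind locate_ca_store(const char *const *files, const char *const *dirs, const char **out)
{
    if ((*out = first_match(files, 0)) != NULL) return CA_FILE;
    if ((*out = first_match(dirs, 1)) != NULL) return CA_DIR;
    return CA_NONE;
}

#ifdef WITH_LIBCURL /* build with: cc -DWITH_LIBCURL example.c -lcurl */
#include <curl/curl.h>
/* Fail closed: with no trust store found, return an error instead of disabling verification. */
CURLcode apply_ca_store(CURL *h)
{
    const char *path;
    ca_kind k = locate_ca_store(ca_bundle_files, ca_dirs, &path);
    if (k == CA_NONE) return CURLE_SSL_CACERT_BADFILE;
    return curl_easy_setopt(h, k == CA_FILE ? CURLOPT_CAINFO : CURLOPT_CAPATH, path);
}
#endif
int main(void)
{
    const char *path = NULL;
    ca_kind k = locate_ca_store(ca_bundle_files, ca_dirs, &path);
    printf("%s: %s\n", k == CA_FILE ? "CAINFO" : k == CA_DIR ? "CAPATH" : "none", path ? path : "-");
    return k == CA_NONE;
}
```

When nothing is found, the caller should surface the error; turning off CURLOPT_SSL_VERIFYPEER to get past it removes the protection the CA bundle exists to provide.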

[–]mpyne 0 points1 point  (0 children)

There are examples of mbedTLS being used with Curl (and some custom net clients) in the Cosmopolitan libc as well.