cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Help: Problem with SSL server under libcurl

From: Cris Bailiff <c.bailiff+curl_at_devsecure.com>
Date: Tue, 8 Jul 2003 14:50:23 +1000

(Followups to the curl-library list, please):

On Tue, 8 Jul 2003 07:51 am, Herménégille wrote:
> Hi,
> I have used libcurl 7.10.5 for two months now.
> Most of the programs I have done work for HTTP server.
> The examples gave me the help I needed and the
> tutorial
> to. So everything works fine. But now I must connect
> on tdcanadatrust (bank) and it use SSL as protection.
> This is new to me but I found some sites to get more
> explanation about SSL.
>
> I looked to simplessl.c to figure out how I
> should do.

You almost certainly don't need to use the 'simplessl.c' example - that
example is for when you want to use an SSL client certificate to authenticate
to the server. If your bank just gave you a user name and password, this is
not what you want.

> I want informations on my account but for
> some reason I can't store HTML in my struct object
> like I did with HTTP server.

I don't know what you're trying to do here... For a regular 'ssl' site, just
use 'https://' instead of 'http://' and then program (lib)curl as normal.

> I tried to create a CA
> for
> client with the CA.sh utility but I have some error
> during the process. What I want to know is:
>
> -Is it necessary to create a certificate?
> if yes,

No. If you need a client certificate (unlikely), your bank would have told you
how to make one (with some 'signup' page or a windows program), or supplied
one to you (as a file or floppy disk).

> -Is CA.sh is a good utility to create certificate?
> (I know that you talk about it in you doc section
> on the official web page)
> if yes,

Yes, if you know what you are trying to do. It's not much use to you.

> -When do I specify the URL?
> -Does a certificate is valid for more than one
> URL?

A certificate (client or server) certifies the identity of the machine
(website, hostname), not each individual page (URL), so 'Yes'.

> -Should I create a new handle to get the html from
> the server? (I think not)

You can use the same libcurl handle for https:// and http:// urls. Curl will
work it out.

> Most of my code is similar to simplessl.c. Finally
> I am under mandrake 9.1.

As noted, you should just stick to 'simple.c' or 'simplepost.c' as examples,
and just use 'https://' instead of 'http://'.

(You are on a linux platform, so you shouldn't need to worry about your
'curl-ca-bundle' file - it should be already installed in the right place and
should contain the correct information to recognise your bank server. Windows
users would probably have to do a little libcurl work to either properly
configure or turn off ssl security checks).

Cris

-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
Received on 2003-07-08