curl-users

How to tell curl to send my public cert in the handshake?

From: Curt Bogmine <curt.bogmine_at_gmail.com>
Date: Tue, 28 Jul 2009 13:55:29 -0600

Sorry for the newbieness factor here, but I'm trying to upload a 20KB text
file using SSL (TLS, really). I'm on a wintel environment, using curl
7.19.5. The TLS handshake, as I understand it, starts off like:

1. Client sends "client hello" along with a random value and the cipher
suites that the client supports.
2. Server responds with a "Server hello", along with its random value.
3. Server sends its cert to the client and optionally requests a public cert
back from the client.
4. Client sends its public cert to the server....
....
other magic ensues
...

All right, so my command so far is:

curl -v "https://123.456.78.90" -F file=@SomeBigFile.txt

The error is: curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3
alert bad certificate

The receiving party tells me they are expecting me to send them my public
cert (step 4, above) and it appears curl ain't sending it. This is
understandable, I guess, since nowhere am I telling curl to send the public
cert, nor where the public cert is located. The question is:

a) how can I tell curl where my public cert file is stored, and
b) how can I tell curl to send it?

Note - I don't think the --cert/-E option applies here, because I'm
concerned with sending my PUBLIC cert and the documentation describes the
--cert/-E option as relating to the PRIVATE cert. Here's an excerpt from the
documentation: "Note that this option assumes a "certificate" file that is
the private key and the private certificate concatenated!" I do have a
private key, which I would expect to need when I get as far as actually
encrypting the payload, but I don't think I'm even getting that far.

Note - I'm properly validating the server's cert against my ca-bundle. All
that seems to be fine. I'm just at a loss as to how to complete the
transmission of my public cert to them. Any light you could shine on this
would be greatly appreciated!

-Robert

Received on 2009-07-28
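
The documentation excerpt quoted in the message says the file given to --cert/-E holds the private key and the certificate concatenated. As an added example (not part of the original post and not curl project code), this shell script checks what a PEM file actually contains and prints the matching curl options, using curl's --cert and --key. The function names and file names are hypothetical, and the sample PEM bodies are constructed placeholders, not real keys.

```shell
#!/bin/sh
# pem_kind FILE -> prints cert+key | cert-only | key-only | none
# Looks only at the PEM block labels, never at the key material itself.
pem_kind() {
    cert=0; key=0
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then cert=1; fi
    # Matches PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, ENCRYPTED PRIVATE KEY
    if grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"; then key=1; fi
    case "$cert$key" in
        11) echo cert+key ;;
        10) echo cert-only ;;
        01) echo key-only ;;
        *)  echo none ;;
    esac
}

# client_cert_args CERT_FILE [KEY_FILE] -> prints the curl options to use
client_cert_args() {
    case "$(pem_kind "$1")" in
        cert+key)
            # Combined file, the layout the quoted documentation describes.
            echo "--cert $1" ;;
        cert-only)
            kk=none
            if [ -n "${2:-}" ]; then kk=$(pem_kind "$2"); fi
            case "$kk" in
                key-only|cert+key) echo "--cert $1 --key $2" ;;
                *) echo "error: $1 has no private key; pass the key file too" >&2
                   return 1 ;;
            esac ;;
        *)
            echo "error: $1 contains no certificate" >&2
            return 1 ;;
    esac
}

# make_samples DIR -> writes constructed placeholder PEM files (labels only)
make_samples() {
    body='Q09OU1RSVUNURUQ='   # base64 of "CONSTRUCTED", not a real key or cert
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----' > "$1/client-cert.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' "$body" '-----END PRIVATE KEY-----' > "$1/client-key.pem"
    cat "$1/client-key.pem" "$1/client-cert.pem" > "$1/client-both.pem"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
client_cert_args "$demo_dir/client-cert.pem" "$demo_dir/client-key.pem"
client_cert_args "$demo_dir/client-both.pem"
# The printed options go into the command from the message, for example:
# curl -v --cert client-cert.pem --key client-key.pem "https://123.456.78.90" -F file=@SomeBigFile.txt
```

The private key named by --key (or contained in the combined file) stays on the client; only the certificate is sent to the server, and the key is used to prove possession of it during the handshake.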