cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: How to tell curl to send my public cert in the handshake?

From: Curt Bogmine <curt.bogmine_at_gmail.com>
Date: Wed, 29 Jul 2009 14:33:38 -0600

On Wed, Jul 29, 2009 at 3:28 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> But there's no particular "public cert" from a client. You just have the
> client cert, which then really is a cert and a private key as both must be
> used.

I guess I called it a 'public cert' because it contains within it my public
key.

> Given all this, I really think you want to use the client cert options to
> provide a cert and private key to the SSL handshake!

I took your advice, and based on the documentation concatenated (using
wordpad) my cert file and my private key file into one. At first I thought,
"I don't feel right asking curl to send something that contains my private
key to the server" but then I realized that the private key wasn't being
sent, just used - presumably to encrypt my client cert.

Then I read I could the specify the private key file separately, eliminating
the concatenation step, above. My command now looks like:

curl -v "https://123.456.78.90" -E ClientCert.crt --key PrivateKey.pem
--pass SomeFunkyPassword -F file=@SomeBigFile.txt

And it works much, much better. Still some issues, but I think I'm over the
biggest hurdles. Thanks for you help!

P.S. - for me, some confusion would have been avoided had the -E explanation
referred to just "cert" or "client cert" versus "private cert". Just a
thought.

-RCB.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-07-29