
curl client authentication with certificate and key sends an empty certificate message

From: Wai-Fong Yuen via curl-users <curl-users_at_cool.haxx.se>
Date: Thu, 17 Dec 2020 21:23:42 +0000 (UTC)

Hi, hope someone can shed some light on my problem...
I executed the curl command on Windows 10:
curl --cacert <pkcs7 package containing root CA and intermediate CA> --cert <cert issued by an intermediate CA signed by the root in PEM format> --key <private key of the cert in PEM format> <https: domain:port>... --trace -
 ...
User-Agent: curl/7.55.1

* upload completely sent off: 980 out of 980 bytes
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 466
* schannel: encrypted data buffer: offset 466 length 103424
* schannel: decrypted data length: 129
* schannel: decrypted data added: 129
* schannel: decrypted data cached: offset 129 length 102400
* schannel: encrypted data length: 308
* schannel: encrypted data cached: offset 308 length 103424
* schannel: decrypted data length: 279
* schannel: decrypted data added: 279
* schannel: decrypted data cached: offset 408 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 408 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 408
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 403 Forbidden...

From the server SSL log:
Sent SERVER-HELLO-DONE message..
Received CERTIFICATE message 0b000003
No client certificate provided

Why did the curl client not send the certificate and the key to the server, but only an empty certificate message? I am sure all the certificates and key are correct. The server cert is also issued by the same intermediate CA which issued the client cert. I tried the --cacert input with only the root CA in PEM format; the same error occurred.
If curl does send the cert and key for client authentication, what does the trace information look like?
YY



Received on 2020-12-17
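
Added example (not part of the original message and not curl code): a decoder for the CERTIFICATE bytes quoted from the server log, showing why 0b000003 means an empty certificate list and what a populated message looks like by comparison. It assumes TLS 1.2 or earlier framing (RFC 5246); the function names and the dummy certificate bytes are constructed for illustration.

```python
CERTIFICATE = 0x0B  # HandshakeType "certificate" in TLS 1.2 (RFC 5246)


def u24(data: bytes, pos: int) -> int:
    """Read a 3-byte big-endian length field, checking bounds."""
    if pos + 3 > len(data):
        raise ValueError("truncated length field")
    return int.from_bytes(data[pos:pos + 3], "big")


def certificate_sizes(msg: bytes) -> list:
    """Return the size of each certificate in a Certificate message.

    An empty list means the peer sent no certificate at all.
    """
    if len(msg) < 4 or msg[0] != CERTIFICATE:
        raise ValueError("not a Certificate handshake message")
    body_len = u24(msg, 1)
    body = msg[4:]
    if not body and body_len == 3:
        # Header-only log entry: a 3-byte body can hold nothing except the
        # certificate_list length field, so that list must be empty.
        return []
    if len(body) != body_len:
        raise ValueError("body length does not match header")
    if u24(body, 0) != body_len - 3:
        raise ValueError("certificate_list length mismatch")
    sizes, pos = [], 3
    while pos < len(body):
        n = u24(body, pos)
        pos += 3
        if n == 0 or pos + n > len(body):
            raise ValueError("bad certificate entry")
        sizes.append(n)
        pos += n
    return sizes


def build_certificate_msg(certs: list) -> bytes:
    """Build a Certificate message from raw certificate byte strings."""
    entries = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    body = len(entries).to_bytes(3, "big") + entries
    return bytes([CERTIFICATE]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    print(certificate_sizes(bytes.fromhex("0b000003")))  # bytes from the log
    # Constructed stand-ins for a leaf and an intermediate (not real DER).
    sent = build_certificate_msg([b"A" * 700, b"B" * 900])
    print(sent[:4].hex(), certificate_sizes(sent))
```

A server-side log of a successful client authentication would show a header whose 3-byte length is far larger than 3, followed by one length-prefixed entry per certificate in the chain.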