curl-and-php
Re: Re: HTTPS + Certificate
Date: Wed, 24 Sep 2003 11:02:29 -0400
Interesting. Since the command line no longer prompts you for a password, have you tried removing the line
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $passwd);
from your PHP code? If the command line is satisfied with no additional password, it seems PHP should be OK with that, too.
Scott Nichol
Do not send e-mail directly to this e-mail address,
because it is filtered to accept only mail from
specific mail lists.
----- Original Message -----
From: "Frédéric Dufour" <fdufour_at_logfi.fr>
To: <curl-and-php_at_lists.sourceforge.net>
Sent: Wednesday, September 24, 2003 10:49 AM
Subject: Re: Re: HTTPS + Certificate
> Hello,
>
> Thank you for your help, Scott... and the lesson : RTFM (Read The Fu..ing
> Manual)...
>
> Q 1 :
> I am looking at the command line documentation at
> http://curl.haxx.se/docs/manpage.html and I do not see a --key option
> anywhere. The only place the word "key" appears on that page is in the
> description of --cert: "Note that this certificate is the private key and
> the private certificate concatenated!" How did you learn of the --key
> option?
> R 1 :
> me too, I asked some assistance on curl mailing list and I had this answer :
> http://curl.haxx.se/mail/archive-2003-09/0107.html
>
> Q 2 :
> Does your certificate file have both your private key and private
> certificate as described in the documentation?
> R2 :
> now, yes :-/ (sorry, sorry, sorry). I used : openssl pkcs12 -in
> MyCert.pfx -out MYCERT.pem -nodes
> If I try : curl --cacert CAROOT.pem --cert MYCERT.pem https://mywebsite/
> it's ok... (too). ps : the curl command does not ask me my password. is it
> ok ?
>
> Q3 :
> In my PHP 4.3.2 docs, I do not see CURLOPT_SSLKEY and CURLOPT_SSLKEYPASSWD.
> I do see CURLOPT_SSLCERT and an associated CURLOPT_SSLCERTPASSWD. How did
> you learn of CURLOPT_SSLKEY and CURLOPT_SSLKEYPASSWD?
> R3 :
> me too, I see CURLOPT_SSLKEY and CURLOPT_SSLKEYPASSWD options in example
> code...
>
> Q4 :
> Are you attempting to use options that have been abandoned in more recent
> versions?
> R4 :
> undoubtedly :-/
>
>
> With all your help, if I try this code :
>
> $site = "https://mywebsite";
> $url = $site.$_SERVER["PATH_INFO"];
> $MyCert = "MYCERT2.pem";
> $certroot = "CAROOT.pem";
> $passwd = "0b14b67f";
>
> $ch = curl_init ($url);
> if (!$ch) {
> die ("Couldn't Initialize cURL handle\n");
> }
>
> curl_setopt($ch, CURLOPT_SSLCERT, $MyCert);
> curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $passwd);
> // curl_setopt($ch, CURLOPT_CAINFO, $certroot);
> // curl_setopt($ch, CURLOPT_SSLVERSION, 3);
>
> $code = curl_exec ($ch);
> if ($code != CURLE_OK) {
> die ("cURL error: " . curl_error ($ch) . "\n");
> }
>
> echo "<pre>";
> echo "\ncURL error number:" .curl_errno($ch);
> echo "\ncURL error:" . curl_error($ch);
> echo "</pre>";
> curl_close ($ch);
>
> I have this response :
>
> cURL error number:58
> cURL error:unable to set certificate file (wrong password?)
>
> hard for me to join the force...
>
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
>
>
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
Received on 2003-09-24