
curl-and-php

unable to set private key file

From: Justin Finkelstein <justin_at_redwiredesign.com>
Date: Mon, 6 Oct 2008 12:28:41 +0000 (UTC)

Hi guys

I am using cURL to connect to a secure web service via HTTPS and, from the
command-line, this works fine but from within PHP it doesn't. I've spent almost
a whole day trying to resolve this and can't see a solution so I thought someone
else might know.

I originally had a PKCS#12 combined multicertificate, which I split into its
components:

openssl pkcs12 -in MULTICERT.p12 -out ca.pem -cacerts -nokeys
openssl pkcs12 -in MULTICERT.p12 -out client.pem -clcerts -nokeys
openssl pkcs12 -in MULTICERT.p12 -out key.pem -nocerts

I set the PEM passphrase for the key to 'password' for testing, and tested that
this all works via the command line:

curl -v --key ./key.pem --cacert ./ca.pem --cert ./client.pem:password https://www.mbnet.pt/pvtn

I get a response back, which means that the keys are understood by cURL.

Translated into PHP, the code for the above line is:

$ch = curl_init();

curl_setopt($ch, CURLOPT_VERBOSE, '1');
curl_setopt($ch, CURLOPT_SSLKEY, 'key.pem');
curl_setopt($ch, CURLOPT_CAINFO, getcwd().'/ca.pem');
curl_setopt($ch, CURLOPT_SSLCERT, getcwd().'/client.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'password');
curl_setopt($ch, CURLOPT_URL, "https://www.mbnet.pt/pvtn");

$result = curl_exec($ch);

The response I get is: unable to set private key file: 'key.pem' type PEM

This makes no sense, since surely curl and libcurl are the same thing
internally?

I read through the source code to try to find out what this meant; there is only
one reference to this error, in lib/ssluse.c:465:

    case SSL_FILETYPE_ASN1:
      if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
        failf(data, "unable to set private key file: '%s' type %s",
              key_file, key_type?key_type:"PEM");

So it thinks my file is an ASN1 type, which it can't use. At least, that's what
it looks like from here.

For reference, I am using PHP 5.1.4 and:

curl 7.19.0 (i686-pc-linux-gnu) libcurl/7.19.0 OpenSSL/0.9.8b zlib/1.2.3
libidn/0.6.5 libssh2/0.17
Protocols: tftp ftp telnet dict http file https ftps scp sftp
Features: IDN IPv6 Largefile NTLM SSL libz

Any suggestions? :)

Thanks,

Justin

Received on 2008-10-06
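
As an added example (not part of the original post and not code from the curl project), a PHP pre-flight check that separates the possible causes of a key-loading failure before libcurl is involved: whether PHP can see each file, whether the passphrase decrypts the key, and whether the key matches the client certificate. The helper name preflight_client_tls() is hypothetical, PHP's openssl extension is assumed, and the key and certificate it runs on are constructed test material.

```php
<?php
// Added example: pre-flight check of key.pem / client.pem before curl_setopt().
// preflight_client_tls() is a hypothetical helper, not a PHP or libcurl API.
function preflight_client_tls($dir, $passphrase)
{
    $paths = array();
    $problems = array();
    foreach (array('key' => 'key.pem', 'cert' => 'client.pem', 'ca' => 'ca.pem') as $role => $name) {
        $abs = realpath("$dir/$name");          // false when PHP cannot see the file
        if ($abs === false || !is_readable($abs)) {
            $problems[] = "$role: $name not found or not readable in $dir";
        } else {
            $paths[$role] = $abs;
        }
    }
    if (!isset($paths['key'], $paths['cert'])) {
        return array($paths, $problems);
    }
    $keyPem = file_get_contents($paths['key']);
    // Both traditional ("Proc-Type: 4,ENCRYPTED") and PKCS#8 encrypted keys carry this word.
    $encrypted = strpos($keyPem, 'ENCRYPTED') !== false;
    $key = openssl_pkey_get_private($keyPem, $passphrase);
    if ($key === false) {
        $problems[] = 'key: cannot be loaded' . ($encrypted ? ' (encrypted, passphrase rejected?)' : '');
    }
    $cert = openssl_x509_read(file_get_contents($paths['cert']));
    if ($cert === false) {
        $problems[] = 'cert: no parsable certificate in client.pem';
    }
    if ($key !== false && $cert !== false && !openssl_x509_check_private_key($cert, $key)) {
        $problems[] = 'cert/key: certificate public key does not match the private key';
    }
    if ((fileperms($paths['key']) & 0077) !== 0) {
        $problems[] = 'key: file mode allows group/other access';
    }
    return array($paths, $problems);
}

// Constructed sample input: a throwaway key and self-signed certificate.
$dir = sys_get_temp_dir() . '/preflight_' . getmypid();
mkdir($dir, 0700);
$k = openssl_pkey_new(array('private_key_bits' => 2048));
$crt = openssl_csr_sign(openssl_csr_new(array('commonName' => 'constructed.example'), $k), null, $k, 1);
openssl_pkey_export_to_file($k, "$dir/key.pem", 'password');
openssl_x509_export_to_file($crt, "$dir/client.pem");
copy("$dir/client.pem", "$dir/ca.pem");
chmod("$dir/key.pem", 0600);

list($paths, $problems) = preflight_client_tls($dir, 'password');
echo $problems ? "PROBLEMS:\n  " . implode("\n  ", $problems) . "\n" : "OK\n";
print_r($paths);   // absolute paths, suitable for CURLOPT_SSLKEY / CURLOPT_SSLCERT / CURLOPT_CAINFO
```

Pointing `$dir` at the directory holding the real key.pem, client.pem and ca.pem runs the same checks on the files from the PKCS#12 split.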