cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: https and certificates

From: T. Bharath <TBharath_at_responsenetworks.com>
Date: Mon, 27 May 2002 23:35:10 -0400

Curl currently is capable of using all the CA certs bundled into a
single file
because thats how i have been using it for quite a long time.I dont
think we need
any modification for that.Since Curl passes this to openssl, openssl
knows how to handle the
multiple cacerts in the same file
Atleast in windows i know that CAPath may not work because of an
inherent problem
(iam not sure if that can be called a problem as thats how OpenSSL has
been designed)
because of the way they retreive multiple CA files from the
directory(CAPath).I know
that this was the case till openssl-0.9.5a .Not sure if this has been
fixed

Regards
Bharath

Daniel Stenberg wrote:

On Mon, 27 May 2002, Andreas Olsson wrote:

Today my client program is hardcoded with a specific CaCertFile

        curl_easy_setopt(curl,CURLOPT_CAINFO,pCACertFile);

This is ok as long as I know what certificate the server uses.

Is it possible to specify a directory containing many cert files or to
bundle them all together in one large cert file and give that to
libcurl?

This is currently not possible. I would gladly accept a patch what would
introduce CURLOPT_CAPATH that would then set the OpenSSL 'CApath'
accordingly, the same way CURLOPT_CAINFO currently sets 'CAfile'.

Would you be able to write us a patch for this?

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
Received on 2002-05-28