curl-library

Re: SSL questions

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 22 Nov 2002 08:42:50 +0100 (MET)

On Thu, 21 Nov 2002, charles wrote:

> The sample (simplessl.c) shows that you need a client certificate and a
> client key.

You may not need those. It all depends on the site you're talking to. It may
require you to have a valid certificate. Or it may not.

I'm sorry that there are no documents in the curl archive or on the curl site
that take you through the first steps in the SSL world.

> Given a web site (https://curl.haxx.se)

That's not a working (public) URL to play with. Try https://www.modssl.org
instead. I'll edit the example to not look like that.

> how can I obtain these to pass them along ?

Well, they probably don't require a certificate. If they do, and you're a
legitimate user, then ask them for one.

> Also is the sample supposed to download the HTTPS home page of curl ?

It is not.

As said on the web page, I do not want you to use the curl site for any test
runs. Far too many people download curl and try various things, for me to
have all those test runs torture the server I graciously have been allowed to
run the curl web site on.

Please direct your test cases to other servers.

> because I couldn't get it to work, it says it's using testcert.pem and
> cacert.pem but those files are absent.

Yes, that is an example. If you need a certificate and/or a CA certificate,
then you must provide them yourself. There's a CA cert bundle in the curl
source archives you might find useful.

> (There is nothing in the header file it's supposed to dump, I have the SSL
> DLLs in the path but still not sure if SSL is working correctly, this is
> Windows so I can't use curl-config :( ).

Well, if you tell curl to use several files that don't exist, then I don't
think you should expect it to proceed and succeed anyway. It'll fail and you
need to correct the errors.

> Is there perhaps another working sample of using SSL to download an HTTPS
> site ?

Make an example that works for HTTP. Modify it to use an HTTPS site instead.
Then tell libcurl not to verify the server, using CURLOPT_SSL_VERIFYPEER
set to FALSE (which is not nice security-wise, but a fast way to browse an
SSL site). Run the test.

-- 
 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
Received on 2002-11-22
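
Added example (not part of the original mail and not code from the curl project): a pre-flight check that reports missing or mismatched PEM files, such as the testcert.pem and cacert.pem named in the thread, before their paths are handed to libcurl. The function and enum names are hypothetical, and the check only looks at PEM block markers; it does not validate the certificates themselves.

```c
/* Added example: pre-flight check of PEM files before passing them to libcurl. */
#include <stdio.h>
#include <string.h>

enum pem_role { ROLE_CLIENT_CERT, ROLE_CLIENT_KEY, ROLE_CA_BUNDLE }; /* hypothetical names */
struct pem_info { int readable, certs, keys; };

/* Open `path` and count the PEM "-----BEGIN ..." markers it contains. */
struct pem_info pem_inspect(const char *path)
{
    struct pem_info info = {0, 0, 0};
    char line[256];
    FILE *fp = fopen(path, "r");
    if (!fp)
        return info;                      /* absent or unreadable file */
    info.readable = 1;
    while (fgets(line, sizeof line, fp)) {
        if (strncmp(line, "-----BEGIN ", 11) != 0)
            continue;
        if (strstr(line + 11, "PRIVATE KEY-----"))
            info.keys++;                  /* RSA, EC, PKCS#8, encrypted */
        else if (strstr(line + 11, "CERTIFICATE-----"))
            info.certs++;                 /* skips CERTIFICATE REQUEST */
    }
    fclose(fp);
    return info;
}

/* Return NULL when `path` suits `role`, otherwise a short reason string. */
const char *pem_check(const char *path, enum pem_role role)
{
    struct pem_info i = pem_inspect(path);
    if (!i.readable)
        return "file missing or unreadable";
    if (role == ROLE_CLIENT_KEY)
        return i.keys ? NULL : "no private key block";
    if (role == ROLE_CA_BUNDLE && i.keys)
        return "CA bundle contains a private key";
    return i.certs ? NULL : "no certificate block";
}

int main(void)
{
    /* File names taken from the thread; adjust to your own setup. */
    const char *cert = pem_check("testcert.pem", ROLE_CLIENT_CERT);
    const char *ca = pem_check("cacert.pem", ROLE_CA_BUNDLE);
    printf("testcert.pem: %s\ncacert.pem: %s\n", cert ? cert : "ok", ca ? ca : "ok");
    return (cert || ca) ? 1 : 0;
}
```

A failing check here points at the file to fix, rather than at turning off CURLOPT_SSL_VERIFYPEER to make the error go away.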