cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Re: HTTPS certificates

From: Henry <Henry_at_Tonnison.co.uk>
Date: Thu, 2 Jan 2003 19:34:35 +0000

On Sun, 29 Dec 2002, Daniel Stenberg wrote:

>> I'm a novice programmer and SSL user however wish to write an app that uses
>> the SSL feature in libcURL. I have the SimpleSSL.c and have compiled it and
>> got it up and running, however at the moment i'm getting
>> CURLE_SSL_CERTPROBLEM,/* 58 - problem with the local certificate */ .
>> returned from the easy_perform. All the other functions of libcURL work
>> fine so i know its just down to my lack of SSL knowledge. So if anyone
>> could help me understand/direct how to generate:-

Ok I'm only getting the CURLE_SSL_CERTPROBLEM when i use the crypto engine. When i don't
and i use my own key i get an exception thrown (5, access denied).
        
>> 1) pCertFile

>The times I've needed client certificates I've converted one from my browser.
>Export a certificate. Then use openssl to convert it to PEM format.

I have successfully used openssl to create my pem file, using switch:-

openssl pkcs12 -in henry.pfx -out henry.pem

This created me a pem file, with a rsa private key and a certificate inside it.

>> 2) pCACertFile

>There's a CA cert bundle included with curl releases. That should do for most
>signed server certificates. If the server uses a self-signed certificate you
>need to get a CA cert from that somehow. I don't know how to do that.

Took your advice here and am using the ca-bundle.crt file.

>> 3) pKeyName

>You can get that the same way you get the client certificate.

Set this to be the same as pCertFile. So "Henry.pem"

>> 4) pKeyType

>You most likely use PEM as that's an open and frequently used format when you
>play with OpenSSL.

Set this to be "PEM"

I'm just trying to connect to any SSL server at the mo and trying to connect to
https://www.ebank.hsbc.co.uk
just as a test. When i browse to this site with IE it doesn't ask me to Ok any
certs so i presume that the ca-bundle will work in cURLs case.

cheers

Henry
        

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
Received on 2003-01-02