curl-library
Re: using both a Private trusted CA and ca-bundle.crt, possible?
Date: Tue, 28 Jan 2003 16:57:42 +0100 (CET)
On Mon, 27 Jan 2003, Derek Ealy wrote:
> Using libcurl 7.10 on Windows I've figured out how to have libcurl use
> either the ca-bundle.crt for referencing sites with a cert from one of the
> common CAs, or I can specify the root cert from our own internal CA. The
> question I have is how to do both?
This is really an OpenSSL issue, but I think I know the answers...
> I would like my application to be able to reference both cert files (mine
> is a PEM generated by openssl) when trying to validate the certs that a web
> server presents.
> if (m_strCAPath.length() > 0)
> curl_easy_setopt(curl_handle, CURLOPT_CAINFO, m_strCAPath.c_str());
Well, CAINFO points out a single file, and I think you can append any number
of CA certs on that file to have them all work.
> curl_easy_setopt(curl_handle, CURLOPT_CAPATH, "c:\\downloads\\curl\\lib");
> //peace_cacert.pem");
CAPATH is the preferred way to do this, as this makes OpenSSL look in a given
directory for CA certs, but it requires that you generate some fancy files
(or whatever) using a perl script that I've been told is using symlinks or
something.
I'm not an expert on this. I'm mainly trying to repeat what I've been told by
others, and I hope I'm not mixing things up too badly.
-- Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs. ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.comReceived on 2003-01-28