curl-library
openSSL and certificate_store
Date: Mon, 19 Jul 2004 09:17:20 +0200
Hi
I have implemented OpenSSL with curl. I succeed in authenticating the server if I have the server's certificate as a file on the client workstation (using CURLOPT_CAINFO). But is it possible to use a certificate contained in the certificate store of Windows?
Thanks for your help
----------------------------------------------------
Serge van den Broek
Senior Analyst Programmer
* svandenbroek_at_isabel.be
* : +32 (02) 545.17.67 * : +32 (02) 545.17.19
Isabel SA
Blvd. de l'Impératrice 13-15
B - 1000 Bruxelles
Web : www.isabel.be
-----Original Message-----
From: curl-library-request_at_cool.haxx.se
[mailto:curl-library-request_at_cool.haxx.se]
Sent: dimanche 18 juillet 2004 12:00
To: curl-library_at_cool.haxx.se
Subject: Curl-library Digest, Vol 6, Issue 21
Today's Topics:
1. Re: curl_easy_reset AND How I'm a CVS Idiot... (Casey ODonnell)
2. Re: libcurl - No timeout (Roland Krikava)
3. libcurl - Script to create ca-bundle.crt from Mozilla's
certdata.txt (Roland Krikava)
4. Re: libcurl - No timeout (Daniel Stenberg)
5. Re: curl_easy_perform (Daniel Stenberg)
6. Re: curl-multi: Pausing download with connection open
(Daniel Stenberg)
----------------------------------------------------------------------
Message: 1
Date: Sat, 17 Jul 2004 08:45:52 -0400
From: Casey ODonnell <caseyodonnell_at_gmail.com>
Subject: Re: curl_easy_reset AND How I'm a CVS Idiot...
To: curl-library_at_cool.haxx.se
Message-ID: <2b6b92504071705451f6a14f0_at_mail.gmail.com>
Content-Type: text/plain; charset=US-ASCII
Yes, perhaps we should call it something else? curl_easy_optreset()?
It does not touch:
curl_hash (hostcache)
Share
Cookies
UrlState
PureInfo
SSL Engine Info
It only resets:
UserDefined
Progress
Having not really used the share interface, I can't be too helpful
with what this function ought to do. Reading the current docs, I
would say that we should maintain the share interface, because we
aren't resetting Cookies or DNS cache...which is what they share
(beyond userdata).
Anyone else is welcome to get in on this.
Cheers.
Casey
P.S. Thanks for the response on inclusion time. 7.12.1 sounds great.
> While sitting here slowly working this into my sources, I miss the man page!
>
> More seriously, what we need to carefully check and note in that man page is
> what particular info this function DOES NOT reset. I could quickly think of
> these items:
>
> live connections, the Session ID cache, the DNS cache and cookies
>
> I then came to think of shares, and that this function doesn't stop the handle
> from using a previously set share. I'm not quite sure if that is the correct
> behaviour.
>
> Did I miss anything else?
--
Casey O'Donnell
RPI STS Department - Graduate Student
http://homepage.mac.com/codonnell/
http://homepage.mac.com/codonnell/wxblogger/
------------------------------
Message: 2
Date: Sat, 17 Jul 2004 11:17:47 -0400
From: "Roland Krikava" <list-subs_at_bluedigits.com>
Subject: Re: libcurl - No timeout
To: "libcurl development" <curl-library_at_cool.haxx.se>
Message-ID: <000801c46c11$391ef330$3601a8c0_at_greybird>
Content-Type: text/plain; charset="iso-8859-1"
----- Original Message -----
From: "Daniel Stenberg" <daniel-curl_at_haxx.se>
To: "libcurl development" <curl-library_at_cool.haxx.se>
Sent: Saturday, July 17, 2004 4:02 AM
Subject: Re: libcurl - No timeout
> On Fri, 16 Jul 2004, Roland Krikava wrote:
>
> > The connection will however timeout after a few minutes.
>
> Yes, since Apache will close it down. You could write your own server though
> that does this and never times out. Neither will libcurl in that case.
>
> > Any suggestions on how to troubleshoot this, and avoid setting timeouts that
> > kill legitimate connections?
>
> First off, what is a "legitimate connection" and how can libcurl tell?
If data is available for reading, I would call this legitimate. Large files
that take a long time to download could outlast any CURLOPT_TIMEOUT. If,
however, this timeout was used instead to timeout on inactive connections,
this problem would be avoided.
>
> I suggest you either use the CURLOPT_LOW_SPEED_LIMIT option or you use the
> progress callback to figure out yourself when you think the connection is no
> longer interesting.
I will look into it, thanks.
>
> --
> Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
> Dedicated custom curl help for hire: http://haxx.se/curl.html
>
>
------------------------------
Message: 3
Date: Sat, 17 Jul 2004 11:47:40 -0400
From: "Roland Krikava" <list-subs_at_bluedigits.com>
Subject: libcurl - Script to create ca-bundle.crt from Mozilla's
certdata.txt
To: "libcurl development" <curl-library_at_cool.haxx.se>
Message-ID: <001c01c46c15$65b1ca40$3601a8c0_at_greybird>
Content-Type: text/plain; charset="iso-8859-1"
Skipped content of type multipart/alternative
-------------- next part --------------
A non-text attachment was scrubbed...
Name: parse-certs.sh
Type: application/octet-stream
Size: 2618 bytes
Desc: not available
Url : http://cool.haxx.se/pipermail/curl-library/attachments/20040717/c1002c22/parse-certs-0001.obj
------------------------------
Message: 4
Date: Sun, 18 Jul 2004 09:28:54 +0200 (CEST)
From: Daniel Stenberg <daniel-curl_at_haxx.se>
Subject: Re: libcurl - No timeout
To: libcurl development <curl-library_at_cool.haxx.se>
Message-ID: <Pine.LNX.4.60.0407180921590.6299_at_yvahk3.pbagnpgbe.fr>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Sat, 17 Jul 2004, Roland Krikava wrote:
>> First off, what is a "legitimate connection" and how can libcurl tell?
>
> If data is available for reading, I would call this legitimate.
Data is not available all the time, hardly on any connections. There are
always periods when no data is available. The lengths of those periods can of
course vary between milliseconds to hours, days or even weeks. The periods of
no-data-available don't make the connection illegitimate, only slow.
> Large files that take a long time to download could outlast any
> CURLOPT_TIMEOUT.
Of course, CURLOPT_TIMEOUT is a very rough tool.
> If, however, this timeout was used instead to timeout on inactive
> connections, this problem would be avoided.
So what is an "inactive connection"?
libcurl can't tell if the server is slow, the network is slow or if the
server actually decided to stop sending data (without disconnecting). But
then, libcurl offers a method to kill connections with very little
through-put, if you think that is a good idea. Or you can do your own
heuristics in one of the callbacks libcurl calls.
--
Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
Dedicated custom curl help for hire: http://haxx.se/curl.html
------------------------------
Message: 5
Date: Sun, 18 Jul 2004 09:30:40 +0200 (CEST)
From: Daniel Stenberg <daniel-curl_at_haxx.se>
Subject: Re: curl_easy_perform
To: libcurl development <curl-library_at_cool.haxx.se>
Message-ID: <Pine.LNX.4.60.0407180723520.6299_at_yvahk3.pbagnpgbe.fr>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Sat, 17 Jul 2004, Karl wrote:
> When using threads and libcurl, if one thread is running curl_easy_perform
> and for whatever reason that takes some time (say host not responding), can
> another thread terminate that attempt
No. But a thread can signal the other thread and then you can make your
callback(s) return to abort the transfer. It will at least make the transfer
stop as soon as possible.
> , or do we have to wait for the perform to fail.
Return the proper code from your callback and it'll stop.
--
Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
Dedicated custom curl help for hire: http://haxx.se/curl.html
------------------------------
Message: 6
Date: Sun, 18 Jul 2004 09:36:37 +0200 (CEST)
From: Daniel Stenberg <daniel-curl_at_haxx.se>
Subject: Re: curl-multi: Pausing download with connection open
To: libcurl development <curl-library_at_cool.haxx.se>
Message-ID: <Pine.LNX.4.60.0407180931580.6299_at_yvahk3.pbagnpgbe.fr>
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII; FORMAT=flowed
On Sat, 17 Jul 2004, Richard Atterer wrote:
>> I'm open for suggestions and patches on how such a pausing would be
>> controlled.
>
> Hmm, libcurl could maintain a "paused" flag for each easy handle, and when
> that flag is set, the handle's sockets could no longer be returned in the
> fd_set result of curl_multi_fdset().
Yes that would work, and then connections marked as paused wouldn't be
checked for receiving or sending data.
> Also, it's possible that the application will run out of connections sooner
> if there's some kind of limit... What does CURLOPT_MAXCONNECTS apply to,
> overall open connections, connections to a single host, or overall open, but
> unused connections?
Maximum number of open connections in an easy handle's connection "pool".
They are used to allow connection re-use when subsequent requests are made.
--
Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
Dedicated custom curl help for hire: http://haxx.se/curl.html
------------------------------
_______________________________________________
Curl-library mailing list
Curl-library_at_cool.haxx.se
http://cool.haxx.se/mailman/listinfo/curl-library
End of Curl-library Digest, Vol 6, Issue 21
*******************************************
Received on 2004-07-19
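Added example, not part of any message above and not curl project code: the "own heuristics in a callback" idea from messages 4 and 5 of the quoted digest, written as an idle-time guard with the libcurl progress-callback signature, which also honours an abort request from another thread. stall_guard, its fields and the helper names are hypothetical, and the timestamps in main() are constructed.

```c
/* Idle-time guard for a libcurl progress callback (hypothetical names). */
#include <stdatomic.h>
#include <stdio.h>
#include <time.h>

struct stall_guard {
    double last_bytes;     /* bytes moved when data last arrived */
    time_t last_activity;  /* time the byte count last advanced */
    time_t idle_limit;     /* seconds without new data before giving up */
    atomic_int cancel;     /* another thread sets this to request an abort */
};

void stall_guard_init(struct stall_guard *g, time_t idle_limit, time_t now)
{
    g->last_bytes = 0.0;
    g->last_activity = now;
    g->idle_limit = idle_limit;
    atomic_init(&g->cancel, 0);
}

/* Returns 0 to continue, non-zero to abort (the progress-callback
   convention). Total transfer time is never limited, only idle time. */
int stall_guard_check(struct stall_guard *g, double bytes, time_t now)
{
    if (atomic_load(&g->cancel))
        return 1;                       /* abort requested by another thread */
    if (bytes > g->last_bytes) {        /* data moved: restart the idle clock */
        g->last_bytes = bytes;
        g->last_activity = now;
        return 0;
    }
    return (now - g->last_activity) > g->idle_limit;
}

/* Same signature as a libcurl progress callback; clientp is the guard. */
int progress_cb(void *clientp, double dltotal, double dlnow,
                double ultotal, double ulnow)
{
    (void)dltotal; (void)ultotal;
    return stall_guard_check(clientp, dlnow + ulnow, time(NULL));
}

int main(void)
{
    struct stall_guard g;
    stall_guard_init(&g, 30, 1000);                       /* constructed times */
    printf("%d\n", stall_guard_check(&g, 4096.0, 1600));  /* slow but alive */
    printf("%d\n", stall_guard_check(&g, 4096.0, 1631));  /* 31 s with no data */
    return 0;
}
```

To use it, register progress_cb with CURLOPT_PROGRESSFUNCTION, pass the guard with CURLOPT_PROGRESSDATA and set CURLOPT_NOPROGRESS to 0; a non-zero return makes curl_easy_perform fail with CURLE_ABORTED_BY_CALLBACK.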