curl-library

openSSL and certificate_store

From: Serge van den Broek <SVandenbroek_at_isabel.be>
Date: Mon, 19 Jul 2004 09:17:20 +0200

Hi

I have implemented OpenSSL with curl. I succeed in authenticating the server if I have the server's certificate as a file on the client workstation (using CURLOPT_CAINFO). But is it possible to use a certificate contained in the certificate store of Windows?

Thanks for your help

----------------------------------------------------
Serge van den Broek
Senior Analyst Programmer
* svandenbroek_at_isabel.be
* : +32 (02) 545.17.67 * : +32 (02) 545.17.19
Isabel SA
Blvd. de l'Impératrice 13-15
B - 1000 Bruxelles
Web : www.isabel.be

-----Original Message-----
From: curl-library-request_at_cool.haxx.se
[mailto:curl-library-request_at_cool.haxx.se]
Sent: dimanche 18 juillet 2004 12:00
To: curl-library_at_cool.haxx.se
Subject: Curl-library Digest, Vol 6, Issue 21

Today's Topics:

   1. Re: curl_easy_reset AND How I'm a CVS Idiot... (Casey ODonnell)
   2. Re: libcurl - No timeout (Roland Krikava)
   3. libcurl - Script to create ca-bundle.crt from Mozilla's
      certdata.txt (Roland Krikava)
   4. Re: libcurl - No timeout (Daniel Stenberg)
   5. Re: curl_easy_perform (Daniel Stenberg)
   6. Re: curl-multi: Pausing download with connection open
      (Daniel Stenberg)

----------------------------------------------------------------------

Message: 1
Date: Sat, 17 Jul 2004 08:45:52 -0400
From: Casey ODonnell <caseyodonnell_at_gmail.com>
Subject: Re: curl_easy_reset AND How I'm a CVS Idiot...
To: curl-library_at_cool.haxx.se
Message-ID: <2b6b92504071705451f6a14f0_at_mail.gmail.com>
Content-Type: text/plain; charset=US-ASCII

Yes, perhaps we should call it something else? curl_easy_optreset()?

It does not touch:
curl_hash (hostcache)
Share
Cookies
UrlState
PureInfo
SSL Engine Info

It only resets:
UserDefined
Progress

Having not really used the share interface, I can't be too helpful
with what this function ought to do. Reading the current docs, I
would say that we should maintain the share interface, because we
aren't resetting Cookies or DNS cache...which is what they share
(beyond userdata).

Anyone else is welcome to get in on this.

Cheers.
Casey

P.S. Thanks for the response on inclusion time. 7.12.1 sounds great.

> While sitting here slowly working this into my sources, I miss the man page!
>
> More seriously, what we need to carefully check and note in that man page is
> what particular info this function DOES NOT reset. I could quickly think of
> these items:
>
> live connections, the Session ID cache, the DNS cache and cookies
>
> I then came to think of shares, and that this function doesn't stop the handle
> from using a previously set share. I'm not quite sure if that is the correct
> behaviour.
>
> Did I miss anything else?

--
Casey O'Donnell
RPI STS Department - Graduate Student
http://homepage.mac.com/codonnell/
http://homepage.mac.com/codonnell/wxblogger/
------------------------------
Message: 2
Date: Sat, 17 Jul 2004 11:17:47 -0400
From: "Roland Krikava" <list-subs_at_bluedigits.com>
Subject: Re: libcurl - No timeout
To: "libcurl development" <curl-library_at_cool.haxx.se>
Message-ID: <000801c46c11$391ef330$3601a8c0_at_greybird>
Content-Type: text/plain;	charset="iso-8859-1"
----- Original Message ----- 
From: "Daniel Stenberg" <daniel-curl_at_haxx.se>
To: "libcurl development" <curl-library_at_cool.haxx.se>
Sent: Saturday, July 17, 2004 4:02 AM
Subject: Re: libcurl - No timeout
> On Fri, 16 Jul 2004, Roland Krikava wrote:
>
> > The connection will however timeout after a few minutes.
>
> Yes, since Apache will close it down. You could write your own server though
> that does this and never times out. Neither will libcurl in that case.
>
> > Any suggestions on how to troubleshoot this, and avoid setting timeouts that
> > kill legitimate connections?
>
> First off, what is a "legitimate connection" and how can libcurl tell?

If data is available for reading, I would call this legitimate.  Large files
that take a long time to download could outlast any CURLOPT_TIMEOUT.  If,
however, this timeout was used instead to timeout on inactive connections,
this problem would be avoided.

>
> I suggest you either use the CURLOPT_LOW_SPEED_LIMIT option or you use the
> progress callback to figure out yourself when you think the connection is no
> longer interesting.

I will look into it, thanks.
>
> -- 
>       Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
>        Dedicated custom curl help for hire: http://haxx.se/curl.html
>
>
------------------------------
Message: 3
Date: Sat, 17 Jul 2004 11:47:40 -0400
From: "Roland Krikava" <list-subs_at_bluedigits.com>
Subject: libcurl - Script to create ca-bundle.crt from Mozilla's
	certdata.txt
To: "libcurl development" <curl-library_at_cool.haxx.se>
Message-ID: <001c01c46c15$65b1ca40$3601a8c0_at_greybird>
Content-Type: text/plain; charset="iso-8859-1"
Skipped content of type multipart/alternative
-------------- next part --------------
A non-text attachment was scrubbed...
Name: parse-certs.sh
Type: application/octet-stream
Size: 2618 bytes
Desc: not available
Url : http://cool.haxx.se/pipermail/curl-library/attachments/20040717/c1002c22/parse-certs-0001.obj
------------------------------
Message: 4
Date: Sun, 18 Jul 2004 09:28:54 +0200 (CEST)
From: Daniel Stenberg <daniel-curl_at_haxx.se>
Subject: Re: libcurl - No timeout
To: libcurl development <curl-library_at_cool.haxx.se>
Message-ID: <Pine.LNX.4.60.0407180921590.6299_at_yvahk3.pbagnpgbe.fr>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Sat, 17 Jul 2004, Roland Krikava wrote:

>> First off, what is a "legitimate connection" and how can libcurl tell?
>
> If data is available for reading, I would call this legitimate.

Data is not available all the time, hardly on any connections. There are
always periods when no data is available. The lengths of those periods can of
course vary between milliseconds to hours, days or even weeks. The periods of
no-data-available don't make the connection illegitimate, only slow.

> Large files that take a long time to download could outlast any
> CURLOPT_TIMEOUT.

Of course, CURLOPT_TIMEOUT is a very rough tool.

> If, however, this timeout was used instead to timeout on inactive
> connections, this problem would be avoided.

So what is an "inactive connection"? libcurl can't tell if the server is
slow, the network is slow or if the server actually decided to stop sending
data (without disconnecting).

But then, libcurl offers a method to kill connections with very little
through-put, if you think that is a good idea. Or you can do your own
heuristics in one of the callbacks libcurl calls.
-- 
      Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
       Dedicated custom curl help for hire: http://haxx.se/curl.html
------------------------------
Message: 5
Date: Sun, 18 Jul 2004 09:30:40 +0200 (CEST)
From: Daniel Stenberg <daniel-curl_at_haxx.se>
Subject: Re: curl_easy_perform
To: libcurl development <curl-library_at_cool.haxx.se>
Message-ID: <Pine.LNX.4.60.0407180723520.6299_at_yvahk3.pbagnpgbe.fr>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Sat, 17 Jul 2004, Karl wrote:

> When using threads and libcurl, if one thread is running curl_easy_perform
> and for whatever reason that takes some time (say host not responding), can
> another thread terminate that attempt

No. But a thread can signal the other thread and then you can make your
callback(s) return to abort the transfer. It will at least make the transfer
stop as soon as possible.

> , or do we have to wait for the perform to fail.

Return the proper code from your callback and it'll stop.
-- 
      Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
       Dedicated custom curl help for hire: http://haxx.se/curl.html
------------------------------
Message: 6
Date: Sun, 18 Jul 2004 09:36:37 +0200 (CEST)
From: Daniel Stenberg <daniel-curl_at_haxx.se>
Subject: Re: curl-multi: Pausing download with connection open
To: libcurl development <curl-library_at_cool.haxx.se>
Message-ID: <Pine.LNX.4.60.0407180931580.6299_at_yvahk3.pbagnpgbe.fr>
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII; FORMAT=flowed
On Sat, 17 Jul 2004, Richard Atterer wrote:

>> I'm open for suggestions and patches on how such a pausing would be
>> controlled.
>
> Hmm, libcurl could maintain a "paused" flag for each easy handle, and when
> that flag is set, the handle's sockets could no longer be returned in the
> fd_set result of curl_multi_fdset().

Yes that would work, and then connections marked as paused wouldn't be checked
for receiving or sending data.

> Also, it's possible that the application will run out of connections sooner
> if there's some kind of limit... What does CURLOPT_MAXCONNECTS apply to,
> overall open connections, connections to a single host, or overall open, but
> unused connections?

Maximum number of open connections in an easy handle's connection "pool". They
are used to allow connection re-use when subsequent requests are made.
-- 
      Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
       Dedicated custom curl help for hire: http://haxx.se/curl.html
------------------------------
_______________________________________________
Curl-library mailing list
Curl-library_at_cool.haxx.se
http://cool.haxx.se/mailman/listinfo/curl-library
End of Curl-library Digest, Vol 6, Issue 21
*******************************************
Received on 2004-07-19
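
Added example, not part of the original mails or of libcurl: a sketch in C of the callback approach described in Messages 4 and 5 of the digest, where a progress callback aborts a transfer that has delivered no new bytes for a set time or that another thread has asked to cancel. The `stall_guard` names, the 30-second limit and the timestamps are assumptions made for illustration; the decision logic is kept separate from libcurl so it runs offline.

```c
#include <stdio.h>
#include <time.h>

/* Hypothetical per-transfer state, handed to libcurl via CURLOPT_PROGRESSDATA. */
struct stall_guard {
    volatile int abort_requested; /* set by another thread (use an atomic in real code) */
    double last_dlnow;            /* highest download byte count seen so far */
    time_t last_change;           /* time at which that count last grew */
    time_t max_idle;              /* tolerated seconds without new bytes */
};

void stall_guard_init(struct stall_guard *g, time_t max_idle, time_t start)
{
    g->abort_requested = 0;
    g->last_dlnow = 0.0;
    g->last_change = start;
    g->max_idle = max_idle;
}

/* Clock is passed in so the logic can be checked offline; non-zero means abort. */
int stall_guard_check(struct stall_guard *g, double dlnow, time_t now)
{
    if (g->abort_requested) return 1; /* cancellation requested elsewhere */
    if (dlnow > g->last_dlnow) {      /* bytes arrived: restart the idle timer */
        g->last_dlnow = dlnow;
        g->last_change = now;
        return 0;
    }
    return (now - g->last_change) > g->max_idle;
}

/* Same signature as libcurl's progress callback; non-zero aborts the transfer.
 * Set CURLOPT_PROGRESSFUNCTION and CURLOPT_NOPROGRESS (0) to have it called. */
int stall_guard_progress(void *clientp, double dltotal, double dlnow,
                         double ultotal, double ulnow)
{
    (void)dltotal; (void)ultotal; (void)ulnow;
    return stall_guard_check(clientp, dlnow, time(NULL));
}

int main(void)
{
    struct stall_guard g;
    stall_guard_init(&g, 30, 1000);                 /* constructed clock values */
    int fed = stall_guard_check(&g, 512.0, 1029);   /* bytes arrived */
    int idle = stall_guard_check(&g, 512.0, 1060);  /* 31 s without new bytes */
    printf("after data: %d, after stall: %d\n", fed, idle);
    return 0;
}
```

Unlike CURLOPT_TIMEOUT, this limit bounds only the time spent without new bytes, so a long download that keeps delivering data is never cut off.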