cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: A beginner's question

From: Daniel Stenberg <daniel-curl_at_haxx.se>
Date: Mon, 9 Aug 2004 10:12:17 +0200 (CEST)

On Mon, 9 Aug 2004, nkb wrote:

> Pardon for this beginner's question.

No worries. We are all beginners at first.

> I've written a http client before I found libcurl. I would like now to use
> libcurl into my c++ application for https web access.

Welcome to our little corner of the world!

> My question is, are there any websites or books that could tell me the
> process flow for a https web access?

I don't know any really good ones. If you want the techy details, I suggest
you read RFC2818 "HTTP Over TLS": http://curl.haxx.se/rfc/rfc2818.txt

> I've good ideas of how http authentication works, what are the server
> reponse messages when I do a POST to send/get info to the server, and how to
> send back authentications info etc. But I've no idea about https. Do I use
> the same header for https access?

To quote RFC2818:

    Conceptually, HTTP/TLS is very simple. Simply use HTTP over TLS
    precisely as you would use HTTP over TCP.

So yes, the headers and everything are identical. You just use SSL/TLS on the
transport layer instead of plain TCP.

> And what do I need to know about the server for me to get across the
> POST/GET info?

If you want to be sure the remote server is the one it claims to be, you need
a CA cert that can verify it.

If the remote server wants to verify that YOU are who you claim to be, you
might need a client certificate that proves yourself to the remote server.

> How does the authentication process work?

Very simplified as described above, for the SSL parts. HTTP authentications
are still handled exactly like you're used to, the HTTP way.

-- 
      Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
       Dedicated custom curl help for hire: http://haxx.se/curl.html
Received on 2004-08-09