On Thu, 12 Aug 2004, [gb2312] »ÆÖ¾¾ü wrote:

> i found that there are some requirements for this to work as belows, but how
> to prepare certificate like 'testcert.pem' or 'cacert.pem'?

testcert.pem is your client certificate your server requires you to provide.
If you need this, you should know how to get it or ask the server admin(s).
Then convert it to PEM with the 'openssl' tool.

Using a client certificate is optional.

cacert.pem is the CA cert bundle you want to use instead of the libcurl
default one (as is installed with 'make install'). You can obtain CA certs
from your server's organisation or you can extract Mozilla's CA cert bundle as
described here: http://curl.haxx.se/docs/caextract.html

Using a CA cert to verify the server is optional, although enabled by default.

> and how do i find the crypto engine and how to use it?

The "crypto engine" is OpenSSL's support for hardware crypto devices. If you
have such a thing, you should make sure you build OpenSSL with support for it.
For everything else regarding crypto engine and OpenSSL, I can only recommend
that you talk to the openssl guys on one of their mailing lists.

>> when i make the simplessl and execute it, the return value of calling
>> curl_easy_perform method is 58 which i found is "CURLE_SSL_CERTPROBLEM".
> How to deal with local certificate problem?

http://curl.haxx.se/docs/sslcerts.html

-- 
      Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
       Dedicated custom curl help for hire: http://haxx.se/curl.html