curl-library
Re: need help
Date: Wed, 02 Mar 2005 00:21:46 -0800
If your webserver requires that a certificate MUST be presented by the client, you need to also set the following options in your code:
CURLOPT_SSLCERT
CURLOPT_SSLKEY
CURLOPT_SSLKEYPASSWD
.....
If you webserver ACCEPTS a client certificate but does not require it, you don't need the above options, but you still need CURLOPT_CAINFO.
Regards
-Seshubabu Pasam
Aniruddha Diwakar wrote:
Hello,I am using libCURL for client cert authentication is any body has worked on this before.I am in bit confusion regarding this client cert authentication.
Apache (1.3) webserver's httpd.conf file contains one directive SSLVerifyClient, if we set it to require then browser will ask us client certificate and after supplying the client cert it will show apache welcome page.
Suppose if I try this functionality thr' the code as below by setting this directive to wither optional or none then it is working fine.
curl_easy_setopt(curl, CURLOPT_URL, https://ps0733:7878/);
if(rc=curl_easy_setopt(curl,CURLOPT_CAPATH,"/home/qa/software/ws/apache/apache-1.3.33_ssl_7878/conf/root_ca_cert.pem")!=CURLE_OK)
{
fprintf(headerfile,"can't set ca path\n");
}
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST,1);
res = curl_easy_perform(curl);
however if we set this directive to require then it will show the attached log contains. also Webserver log shows following thing,
OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
that means server is waiting for client certificate. can you please let me know your view to address this issue.
Also please let me kno what exactly CURLOPT_SSL_VERIFYPEER does.
Regards
Aniruddha
Aniruddha Diwakar
Persistent Systems Pvt Ltd.
Tel : 25678900 X : 2490
== Info: About to connect() to ps0733 port 7878 == Info: Trying 192.168.12.211... == Info: connected == Info: Connected to ps0733 (192.168.12.211) port 7878 == Info: successfully set certificate verify locations: == Info: CAfile: none CApath: /home/qa/software/ws/apache/apache-1.3.33_ssl_7878/conf/root_ca_cert.pem == Info: SSLv2, Client hello (1): <= Send SSL data, 130 bytes ....i......9..8..5..............3..2../...........f..............c..b..a........ ...@..e..d..`........................<...tg.,..~9. == Info: SSLv3, TLS handshake, Server hello (2): <= Recv SSL data, 74 bytes ...F..B$W..#........,nM...D..,....8..* ..Da./....e.......Qm.m%s.5...N.e.9. == Info: SSLv3, TLS handshake, CERT (11): <= Recv SSL data, 883 bytes ...o..l..i0..e0...........0...*.H........0..1.0...U....US1.0...U....CU1.0...U... .CA1.0...U....Oblix1.0...U....qa1.0...U....ps07331-0+..*.H........ajay_verghese@ persistent.co.in0...041209125026Z..320425125026Z0..1.0...U....US1.0...U....CU1.0 ...U....CA1.0...U....Oblix1.0...U....qa1.0...U....ps07331-0+..*.H........ajay_ve rghese@persistent.co.in0..0...*.H............0........y;.cel..j.+.......fgNq0..| ...Z...i..'......9.d.*..th6W..M.....:"..T.....:T[.8"..I...PtY.."....N.T.U*.fmy. ....j.....m..`..5.Rc........0..0...U......rb........#.F..`....0....U.#...0....rb ........#.F..`..........0..1.0...U....US1.0...U....CU1.0...U....CA1.0...U....Obl ix1.0...U....qa1.0...U....ps07331-0+..*.H........ajay_verghese@persistent.co.in. ..0...U....0....0...*.H............'.0.{#?.+.ZTlH..x1.... .}....]......Ki.x.$... ....{I"....n.&m!....$4T..m..(.m./<v..b.7.^..nw...}.\.c...-.Q..7.......qR.....Hd. .u. == Info: SSLv3, TLS handshake, Server key exchange (12): <= Recv SSL data, 397 bytes .........=I[.,|.....y.....Q..^* d.Jy.p...Y..#.....0H../..< ..H..n.....>7.yNS'.a. .....\`D..=v.^.......<.N.......Q6.&.V...8..#.PP......k.....CA..-y*>...A...].db8u P.b.........h.b6 .&."...7s..u.q.:?.m.......,g.j.......pit......iY.R..\.n.|...... e$..U-.....q4.y......u.i/m....1..y(....[..w.`.....{..^..z.....@...S.g.x!..D?S.W. ......1..7.=.f....p.r.h..Se...........8...c..X..$.._.2"q.jH.......k.<T.V^o.6. == Info: SSLv3, TLS handshake, Request CERT (13): <= Recv SSL data, 118 bytes ...r......k.i0g1.0...U....US1.0...U....CA1.0...U....CU1.0...U....Security1.0...U ....PSPL1.0...U....Certificate Manager == Info: SSLv3, TLS handshake, Server finished (14): <= Recv SSL data, 4 bytes .... == Info: SSLv3, TLS handshake, CERT (11): <= Send SSL data, 7 bytes ....... == Info: SSLv3, TLS handshake, Client key exchange (16): <= Send SSL data, 134 bytes ......MC....3..Y.....*..p......3.4]....E.......L/..+e. .X.^..?...J i.:..}@......9.T..\$..:Q..`.Tp....|...)..uj.l....x......<..w......== Info: SSLv3, TLS change cipher, Client hello (1): <= Send SSL data, 1 bytes . == Info: SSLv3, TLS handshake, Finished (20): <= Send SSL data, 16 bytes .....(.....l`C.. == Info: SSLv3, TLS alert, Server hello (2): <= Recv SSL data, 2 bytes .( == Info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure == Info: Closing connection #0
- text/x-vcard attachment: pasam.vcf