
curl-library

Re: curl certificate authentication

From: Peter Sylvester <Peter.Sylvester_at_edelweb.fr>
Date: Tue, 15 Mar 2005 10:54:49 +0100 (MET)

>
> On Mon, 14 Mar 2005, Lapo TIN wrote:
>
> > In my case I want to include the public key directly in the code, because I
> > represent the only certification authority that exists, and ignore any other
> > certificate authority.
>
> Sorry, but the current libcurl has no such option. You can only tell it a
> directory or a file name where the CA cert bundle is located.
>

If you have your cert in the code as binary data, you decode it from that
buffer with d2i_X509, you set a CURLOPT_SSL_CTX_FUNCTION and
a CURLOPT_SSL_CTX_DATA pointing to your cert, and then in the
callback function, which is called with the ssl ctx as an opaque
parm and your parm, you get the store with

   store = SSL_CTX_get_cert_store(ctx);
   X509_STORE_add_cert(store, yourcert);

In the examples curlx.c there is an example that can be used as
a framework. (The example directly takes ctx->cert_store; that
should be changed.)

- X509_STORE_add_cert(ctx->cert_store,sk_X509_value(p->ca,
                                                    sk_X509_num(p->ca)-1));

+ X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx),sk_X509_value(p->ca,
                                                    sk_X509_num(p->ca)-1));
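
Review bot: on the + line the result of X509_STORE_add_cert() is still discarded, and sk_X509_value(p->ca, sk_X509_num(p->ca)-1) yields NULL when p->ca is NULL or empty, so a failed or skipped add leaves the trust store unchanged with no error reaching the caller. Suggest fetching the certificate into a local first and returning an error from the enclosing function if it is NULL or if X509_STORE_add_cert() does not return 1. The move from ctx->cert_store to SSL_CTX_get_cert_store(ctx) is the right direction, since it no longer depends on the layout of the SSL_CTX structure.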
Received on 2005-03-15