curl-library

Re: curl certificate authentication

From: Lapo TIN <lapolapolapo_at_tin.it>
Date: Tue, 15 Mar 2005 11:14:15 +0100

Thank you very much!
I'll try soon.

Lapo

----- Original Message -----
From: "Peter Sylvester" <Peter.Sylvester_at_edelweb.fr>
To: <curl-library_at_cool.haxx.se>
Sent: Tuesday, March 15, 2005 10:54 AM
Subject: Re: curl certificate authentication

>>
>> On Mon, 14 Mar 2005, Lapo TIN wrote:
>>
>> > In my case I want to include the public key directly in the code, because I
>> > represent the only certification authority that exists, and ignore any other
>> > certificate authority.
>>
>> Sorry, but the current libcurl has no such option. You can only tell it a
>> directory or a file name where the CA cert bundle is located.
>>
>
> If you have your cert in the code as binary data, you decode from that
> buffer with d2i_X509, you set a CURLOPT_SSL_CTX_FUNCTION and
> a CURLOPT_SSL_CTX_DATA pointing to your cert, and then in the
> callback function which is called with the ssl ctx as an opaque
> parm and your parm, you get the store with
>
> store = SSL_CTX_get_cert_store(ctx);
> X509_STORE_add_cert(store,yourcert);
>
> In the examples curlx.c there is an example that can be used as
> a framework. (The example directly takes ctx->cert_store, that
> should be changed.)
>
>
> - X509_STORE_add_cert(ctx->cert_store,sk_X509_value(p->ca,
> sk_X509_num(p->ca)-1));
>
>
> + X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx),sk_X509_value(p->ca,
> sk_X509_num(p->ca)-1));
>
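
Review bot: the `+` line still discards the return value of X509_STORE_add_cert, so a failed add goes unnoticed, including the case where p->ca is empty and sk_X509_value(p->ca, sk_X509_num(p->ca)-1) yields NULL. Check that the call returns 1 and have the callback report an error otherwise, so the transfer does not continue without the intended CA in the store. Going through SSL_CTX_get_cert_store(ctx) instead of ctx->cert_store is otherwise the right change, since it no longer reaches into the structure.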
Received on 2005-03-15