cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: libcurl and SSL

From: Ben Greear <greearb_at_candelatech.com>
Date: Fri, 06 May 2005 15:46:03 -0700

Ben Greear wrote:
> Hello!
>
> I'm trying to support https://www.foo.com URLs in my tool
> that uses libcurl.
>
> So far, I'm not having a whole lot of luck.
>
> I have cross-compiled libcurl, my app, and the latest openssl with mingw
> to be
> run on my Windows machine. I copied the ca-bundle.crt from
> /usr/share/ssl/certs/ca-bundle.crt on my FC3 Linux machine to the windows
> machine.
>
> I tried setting the CURLOPT_SSL_VERIFYPEER to zero and 1, and neither
> changes affect the error message I get from libcurl:
>
> unable to set private key file: 'ca-bundle.crt'

So, it looks like I didn't really need a private key. I changed my
code to look like this and it now appears to work:

    VLOG << "Setting SSL Cert File Name to -:" << ssl_cert_fname << ":-\n";
    if ((rv = curl_easy_setopt(curl, CURLOPT_CAINFO, (const char*)(ssl_cert_fname))) != CURLE_OK) {
       VLOG_ERR(VLOG << "CURL setup error, SSLCERT, err: " << rv << endl);
       stopOnError(getCurlErrBuffer());
       return -1;
    }

    //VLOG << "Setting Private Key File Name to -:" << pkey << ":-\n";
    //if ((rv = curl_easy_setopt(curl, CURLOPT_SSLKEY, (const char*)(pkey))) != CURLE_OK) {
    // VLOG_ERR(VLOG << "CURL setup error, SSLKEY, err: " << rv << endl);
    // stopOnError(getCurlErrBuffer());
    // return -1;
    //}

    long v = !!flags.get(24);
    VLOG << "Setting Verify SSL Server to: " << v << endl;
    if ((rv = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, v)) != CURLE_OK) {
       VLOG_ERR(VLOG << "CURL setup error, VERIFYPEER, err: " << rv << endl);
       stopOnError(getCurlErrBuffer());
       return -1;
    }

    VLOG << "Setting Verify HOST to: " << v << endl;
    if ((rv = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, v)) != CURLE_OK) {
       VLOG_ERR(VLOG << "CURL setup error, VERIFYHOST, err: " << rv << endl);
       stopOnError(getCurlErrBuffer());
       return -1;
    }

-- 
Ben Greear <greearb_at_candelatech.com>
Candela Technologies Inc  http://www.candelatech.com
Received on 2005-05-07