Dear list members,

I have an application that needs to communicate with a single
https server using a self-signed certificate. The application needs
to be wholy self-contained (statically linked, no external data files),
and must be able to run from a read-only filing system. Therefore
I cannot install a (modified) certificate bundle, nor can I use
the default certeficate bundle usually installed with curl (the app)

There does not seem to be an easy libcurl function that can (for
instance) pass a full (pem) certificate in a string rather than
a filename to a pem certificate in an external file, and indeed
openssl does not seem to have an easy interface to accomplish
this either. So far I have been groveling through the openssl
X509_STORE structure to see if I can manually fill it using
my certificate data, but unfortunately this structure is very much
like spagetthi, and I have the fear that manually poking around
in it will result in non-portable, non maintainable source code.

Is there a more elegant way to use libcurl with a compiled-in
certificate?

with kind regards,

Theo Borm
Received on 2005-08-23