
curl-library

Re: Using libcurl/SSL with in-core certificate

From: Daniel Stenberg <daniel-curl_at_haxx.se>
Date: Tue, 23 Aug 2005 14:43:47 +0200 (CEST)

On Tue, 23 Aug 2005, theo borm wrote:

> There does not seem to be an easy libcurl function that can (for instance)
> pass a full (pem) certificate in a string rather than a filename to a pem
> certificate in an external file, and indeed openssl does not seem to have an
> easy interface to accomplish this either. So far I have been groveling
> through the openssl X509_STORE structure to see if I can manually fill it
> using my certificate data, but unfortunately this structure is very much
> like spaghetti, and I have the fear that manually poking around in it will
> result in non-portable, non-maintainable source code.
>
> Is there a more elegant way to use libcurl with a compiled-in certificate?

I didn't find any such function either in OpenSSL so therefore I've never
added such an option to libcurl. Also, with the addition of GnuTLS support I'm
reluctant to add SSL-related features that aren't supported by both SSL
layers...

So, I guess you should be asking the OpenSSL/GnuTLS people this question.

Personally, I would store the only CA cert on the read-only file system. Or
have it built in to the app and on start you mount a ram filesystem and
have the program write it to that fs and then you can use the API like
normal...

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2005-08-23
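
The workaround suggested in the reply above (write the compiled-in CA certificate to a RAM filesystem at start and hand libcurl the file name), as an added example that is not part of the original mail or of curl's own code. The function name write_embedded_ca, the /tmp directory and the placeholder PEM are assumptions; CURLOPT_CAINFO is libcurl's existing option that takes a CA bundle file name.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for mkstemp() and fchmod() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed placeholder, not a real certificate: put the CA's PEM here. */
static const char embedded_ca_pem[] =
    "-----BEGIN CERTIFICATE-----\n"
    "PLACEHOLDER-NOT-A-REAL-CERTIFICATE\n"
    "-----END CERTIFICATE-----\n";

/* Write the compiled-in PEM to a fresh file under dir (e.g. a RAM fs mount).
 * Returns 0 and stores the file name in path on success, -1 on any error. */
int write_embedded_ca(const char *dir, char *path, size_t pathlen)
{
    const char *p = embedded_ca_pem;
    size_t left = sizeof(embedded_ca_pem) - 1;
    int fd, n = snprintf(path, pathlen, "%s/ca-XXXXXX", dir);

    if (n < 0 || (size_t)n >= pathlen)
        return -1;                 /* template did not fit in the buffer */
    fd = mkstemp(path);            /* unique name, exclusive create, mode 0600 */
    if (fd < 0)
        return -1;
    while (left > 0) {             /* loop because write() may be short */
        ssize_t w = write(fd, p, left);
        if (w <= 0)
            goto fail;
        p += w;
        left -= (size_t)w;
    }
    if (fchmod(fd, S_IRUSR) != 0)  /* owner read-only once fully written */
        goto fail;
    if (close(fd) == 0)
        return 0;
    fd = -1;                       /* close failed: only remove the file */
fail:
    if (fd >= 0) close(fd);
    unlink(path);                  /* never leave a partial CA file behind */
    return -1;
}

int main(void)
{
    char path[256];
    if (write_embedded_ca("/tmp", path, sizeof(path)) != 0) return 1;
    /* With libcurl: curl_easy_setopt(curl, CURLOPT_CAINFO, path); */
    printf("CA written to %s\n", path);
    return unlink(path) == 0 ? 0 : 1;
}
```

The directory should be writable only by the application's own user, since anyone able to replace the file controls which CA libcurl trusts.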