curl-library

Problem Related to nonblocking socket and Peer certificate verification

From: Ajeet kumar.S <ajeetkumar.s_at_jasmin-infotech.com>
Date: Tue, 7 Oct 2008 13:32:21 +0530

Dear All,

Thank you Daniel. I am trying to solve that issue. But when I enable
nonblocking mode, I saw that after the TCP connection our client sends the
client hello and always closes (resets) the socket; it is not receiving the
server hello message, but the server is sending the server hello and other SSL
processes. What is the reason behind it? If I am using blocking mode of the
socket then I am getting data. But the problem is losing application data from
one platform to another.

Actually I have one more doubt about using SSL peer certificate verification. I
wrote code like that written below:

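#include <curl/curl.h>

CURL *curl = curl_easy_init();   /* the handle must be initialised before use */

/* client certificate and private key */
curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
curl_easy_setopt(curl, CURLOPT_SSLCERT, "CertFile.pem");
curl_easy_setopt(curl, CURLOPT_SSLKEY, "KeyFile.pem");
curl_easy_setopt(curl, CURLOPT_KEYPASSWD, "abc");
/* verify the server certificate against the CAs in cafile.pem */
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(curl, CURLOPT_CAINFO, "cafile.pem");
/* 0 turns off the host name check against the certificate */
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_perform(curl);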

I put all keys and certificates in the debug folder and ran it; I got an
unknown CA error. Is it because we did not put our CA certificate in
ca-bundle.pem, or is there a different reason?

Let me know whether I did it correctly or wrongly. If I want to use the
CURLOPT_CAPATH option, do I need to give the path of the CA certificate
location w.r.t. the debug folder, or w.r.t. the ca-bundle.crt file, or is there
another way to assign the path? One more doubt: a certificate bundle has a
bunch of certificates, so how will curl recognise which certificate to use to
verify the incoming server certificate?

Please guide me how to set peer verification and the CURLOPT_CAPATH option?

Thank you.

Regards,

--Ajeet Kumar Singh

Received on 2008-10-07
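
Added example, not part of the original mail: a shell sketch of how an OpenSSL-based verifier (an assumption; the mail does not say which TLS library libcurl was built with) picks the issuing CA out of a CURLOPT_CAINFO bundle by matching the server certificate's issuer name, and why a CURLOPT_CAPATH directory only works once its files carry hashed names. All keys, certificates and file names are constructed for the demo.

```sh
#!/bin/sh
# Constructed demo: throwaway CAs and certificates are generated on the spot.
# Assumes the openssl command-line tool; every name here is illustrative.

make_pki() {                        # $1 = work directory
    mkdir -p "$1/flat" "$1/hashed"
    for n in A B; do                # two unrelated self-signed CAs
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=Demo CA $n" -keyout "$1/ca$n.key" \
            -out "$1/ca$n.pem" 2>/dev/null || return 1
    done
    # The server certificate is issued by Demo CA A only.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/srv.csr" -CA "$1/caA.pem" -CAkey "$1/caA.key" \
        -CAcreateserial -days 2 -out "$1/srv.pem" 2>/dev/null || return 1
    # CURLOPT_CAINFO style: one PEM file with several CAs concatenated.
    cat "$1/caB.pem" "$1/caA.pem" > "$1/bundle.pem"
    # CURLOPT_CAPATH style, unprepared: arbitrary file names.
    cp "$1/caA.pem" "$1/caB.pem" "$1/flat/"
    # CURLOPT_CAPATH style, prepared: <subject hash>.0 names, the layout
    # c_rehash creates and the only names OpenSSL looks up in a directory.
    for c in "$1/caA.pem" "$1/caB.pem"; do
        h=$(openssl x509 -noout -subject_hash -in "$c") || return 1
        cp "$c" "$1/hashed/$h.0"
    done
}

# verify_srv WORKDIR OPTION STORE: true only if srv.pem chains to a CA in STORE.
verify_srv() {
    openssl verify "$2" "$3" "$1/srv.pem" 2>&1 | grep -q ': OK$'
}

demo() {
    w=$(mktemp -d) || return 1
    make_pki "$w" || return 1
    for t in "-CAfile $w/bundle.pem" "-CAfile $w/caB.pem" \
             "-CApath $w/hashed" "-CApath $w/flat"; do
        # $t is left unquoted so it splits into option and path
        if verify_srv "$w" $t; then r="verified"; else r="no trusted issuer"; fi
        echo "$t: $r"
    done
    rm -rf "$w"
}

demo
```

A relative CURLOPT_CAINFO or CURLOPT_CAPATH value is resolved against the process's current working directory, so an absolute path removes the guesswork about the debug folder.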