curl-library
Re: SSL and basic authentication.
Date: Tue, 21 Oct 2008 13:44:53 -0700
On Tue, Oct 21, 2008 at 09:13:09PM +0200, Josef Wolf wrote:
> First question is: what is the default place where curl searches for
> CA certificates? I have to explicitly use the --cacert or the --capath
> options if I want to use the certificates that come with openssl.
This is determined at compile time. The curl configure script tries to make
an intelligent guess but it's sometimes wrong. It's up to the package
maintainer to make sure that curl is compiled with a correct path. It
sounds like your package is broken
> As a workaround, I put this into ~/.curlrc:
>
> $ echo -- --capath /etc/ssl/certs > ~/.curlrc
That should be fine.
> Now I try authentication:
>
> $ curl https://test.host/git/test1/HEAD
> [ 401 error ]
> $ curl https://user@test.host/git/test1/HEAD
> [ 401 error ]
In this case you specify a user name but no password, so curl sends a
user name and no password to the host.
> $ curl --user user https://test.host/git/test1/HEAD
> Enter host password for user 'user':
> [ works ]
>
> Curl asks me for a password and retrieves the file only if I supply
> the --user option.
That's by design.
> First problem is, prefixing user in front of hostname don't work.
> IMHO, this is a bug in curl, since this format is explicitly documented.
It does work, just not in the way you expect. curl assumes that a user
name & password specified in a URL is complete and doesn't request a
further password from the user in this case.
> Next, I try to find out how to use libcurl so that it asks me for a
> password:
libcurl doesn't ask for a password--curl asks for the password and sends
it to libcurl. If you want to replicate that functionality in your own
application, you'll have to read a password from the user yourself.
>>> Dan
-- http://www.MoveAnnouncer.com The web change of address service Let webmasters know that your web site has movedReceived on 2008-10-21