
curl-library

Re: Using certificate from memory

From: Itay Dagan <itay_at_yoggie.com>
Date: Tue, 30 Dec 2008 14:22:44 +0200 (IST)

Hi Jeff

finally I got it.

I think there should be something more friendly though (maybe there is ... and I don't know about it)
e.g.: this set --> will get a buffer with our certificate

curl_easy_setopt(curl, CURLOPT_SSLVERIFY_FROM_MEM, buf);

and add it to X509 struct.

Does it exist ?
If not maybe I will add it :)

Thanks again for the link.

Itay

----- Original Message -----
From: "Itay Dagan" <itay_at_yoggie.com>
To: "libcurl development" <curl-library_at_cool.haxx.se>
Sent: Monday, December 29, 2008 3:59:53 PM (GMT+0200) Auto-Detected
Subject: Re: Using certificate from memory

Hi Jeff

Thanks for the help

I tried to use the advice I got from both you and the open-ssl guys
still have some problems to verify the certificate with CURL

using this code:

    curl_easy_setopt(curl, CURLOPT_URL, url);
    curl_easy_setopt(curl, CURLOPT_USERPWD, user_pwd);
    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1);
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &serverdata);
    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writeDataFunction);
    curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, writeHeaderFunction);
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);

    curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, &Connector::loadFromMemory);  // supposed to load the certificate
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, TRUE);

    ret = curl_easy_perform(curl);

..."

It behaves like no certificate has been uploaded to the database (looking for a file path ---> ret = 60)

It seems I am still doing something that makes it look for the certificate in a file though I already upload it from the memory

here is the function I am using (with a great help from open-ssl forum) :

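//************************************************************
#include <openssl/bio.h>
#include <openssl/pem.h>
#include <openssl/x509.h>

/* Parse a certificate held in memory, trying PEM first and then DER.
   Returns 0 if it parses, a non-zero step code otherwise. */
int    loadFromMemory(char *buf, int bufLen)
{
    BIO *bp = NULL;
    X509 *cert = NULL;

    /* free whatever is still allocated, then return x */
    #define retFree(x) do { \
        if(bp) \
            BIO_free(bp); \
        if(cert) \
            X509_free(cert); \
        return x; \
    } while(0)

    if(!buf || bufLen < 1)
        return 1;

    bp = BIO_new(BIO_s_mem());
    if(!bp)
        return 2;

    /* BIO_write returns <= 0 on failure */
    if(BIO_write(bp, buf, bufLen) <= 0)
        retFree(4);

    /* PEM_read_bio_X509 allocates the X509 itself and takes four arguments */
    cert = PEM_read_bio_X509(bp, NULL, NULL, NULL);
    if(!cert) {
        /* not PEM: refill a fresh BIO and try DER */
        BIO_free(bp);
        bp = BIO_new(BIO_s_mem());
        if(!bp)
            retFree(5);

        if(BIO_write(bp, (char *) buf, bufLen) <= 0)
            retFree(6);

        cert = d2i_X509_bio(bp, NULL);
    }

    if(!cert)
        retFree(7);

    /* bp and cert are released here; the certificate is not added to any store */
    retFree(0);
}

//************************************************************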

thanks for the help :)

Itay

----- Original Message -----
From: "Jeff Pohlmeyer" <yetanothergeek_at_gmail.com>
To: "libcurl development" <curl-library_at_cool.haxx.se>
Sent: Sunday, December 28, 2008 1:30:50 PM (GMT+0200) Auto-Detected
Subject: Re: Using certificate from memory

On Sun, Dec 28, 2008 at 1:56 AM, Itay Dagan <itay_at_yoggie.com> wrote:

> Can I load the certificate to curl structure from memory , instead of using
>  "curl_easy_setopt(curl,CURLOPT_CAINFO, "C://server_wrong.crt"); "

This might help:
  http://curl.haxx.se/lxr/source/docs/examples/cacertinmem.c

 - Jeff
Received on 2008-12-30