curl-library

Re: ca cert question

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 25 May 2009 09:52:20 +0200 (CEST)

On Wed, 20 May 2009, Guenter wrote:

> if I configure libcurl with --with-ca-path=path then curl looks into that
> directory, and uses any *.crt files it finds there, including ca-bundle.crt
> ?

No, you also need to prep that dir with the openssl tool. I can't remember
exactly how right now.

This also only works with libcurl built to use OpenSSL.

> and if I use --with-ca-bundle=/path/ca-bundle.crt then only ca-bundle.crt is
> used, regardless of other *.crt files in same directory ?

Exactly.

> And it's valid to use both options, f.e.
> --with-ca-bundle=/usr/local/share/curl/ca-bundle.crt to specify the
> ca-bundle.crt and then --with-ca-path=/etc/ca-certs to look there for
> additional ca-certs ?

Yes, OpenSSL accepts both arguments in the same function
(SSL_CTX_load_verify_locations) so I believe that's how it'll work.

-- 
  / daniel.haxx.se
Received on 2009-05-25
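
Added example, not part of the message above or of curl itself: one way to prep a CA directory with the openssl tool, plus a check for certificate files that a CApath lookup can never reach. The function names `link_cert` and `audit_ca_dir` and the file name `corp-root.crt` are hypothetical, and the audit assumes the hash-named entries are symlinks (it does not recompute the hashes).

```shell
# OpenSSL finds a CA in a CApath directory only through a name of the form
# <subject-hash>.<n>, e.g. 1a2b3c4d.0 (constructed value); other names are ignored.

# link_cert DIR CERT: create the hash-named symlink for one PEM certificate.
# Use the openssl binary that matches the library libcurl is linked against,
# because the subject-hash algorithm changed in OpenSSL 1.0.0.
link_cert() {
    dir=$1 cert=$2
    hash=$(openssl x509 -hash -noout -in "$dir/$cert") || return 1
    n=0
    while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
        # Already linked to this file: nothing to do.
        [ "$(readlink "$dir/$hash.$n")" = "$cert" ] && return 0
        n=$((n + 1))   # same hash, different certificate: take the next slot
    done
    ln -s "$cert" "$dir/$hash.$n"
}

# audit_ca_dir DIR: print every *.crt / *.pem file in DIR that no hash-named
# symlink points to, i.e. files that will not be used as trust anchors.
audit_ca_dir() {
    dir=$1
    for f in "$dir"/*.crt "$dir"/*.pem; do
        [ -f "$f" ] || continue            # glob matched nothing
        name=${f##*/}
        reachable=no
        for l in "$dir"/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*; do
            [ -L "$l" ] || continue
            target=$(readlink "$l")
            if [ "${target##*/}" = "$name" ]; then
                reachable=yes
                break
            fi
        done
        [ "$reachable" = yes ] || printf '%s\n' "$name"
    done
}

# Usage (paths as in the question above; corp-root.crt is hypothetical):
#   link_cert /etc/ca-certs corp-root.crt
#   audit_ca_dir /etc/ca-certs
```

A multi-certificate file such as ca-bundle.crt belongs with --with-ca-bundle rather than in the directory, since a hash-named link identifies a single certificate.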