curl-library
Re: SSL, cURL, and paypal
Date: Fri, 21 Aug 2009 11:22:33 -0700
On Thu, Aug 20, 2009 at 11:23:03PM -0400, Brandon Tate wrote:
> I sent a message out a little while ago that I couldn't connect to
> payflow with cURL. I solved that. I was setting the port with a curl
> option and needed to include https:// in the url.
>
> However, now I'm having an issue where if I set the path to a pem file
> with CURLOPT_CAPATH I can connect but it freezes and dies somehow or
> another after that. If I set the path with CURLOPT_SSLCERT I get the
> error
>
> * Connected to pilot-payflowpro.paypal.com (216.113.190.200) port 443
> * unable to set private key file: '/usr/local/verisign/payflowpro/
> linux/certs/payflow-G2.pem' type PEM
>
> I also tried setting a cer that way which didn't work. Any theories on
> that?
I see two obvious problems. CURLOPT_SSLCERT is the path to the SSL
certificate that curl presents to the peer. CURLOPT_CAPATH is a path to
trusted certificates that curl uses to verify the the certificate the
server sends to the client.
If you've set CURLOPT_SSLCERT to
/usr/local/verisign/payflowpro/linux/certs/payflow-G2.pem, but that
payflow-G2.pem doesn't contain a private key, then you also need to set
CURLOPT_SSLKEY to point to a file with your key. The error message
"unable to set private key file" should be a clue about this problem.
I'd re-read the manual for the following options:
These options deal with the cert that you present to the peer:
http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTSSLCERT
http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTSSLKEY
These options deal with how you authenticate the certificate that the
peer presents to curl.
http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTSSLVERIFYPEER
http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTSSLVERIFYHOST
http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTCAINFO
http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTCAPATH
HTH,
-j
Received on 2009-08-21