curl-library

Re: Passing SSL CA information from memory instead of file

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Thu, 16 Sep 2010 11:16:09 +0200

On Thursday 16 September 2010 00:50:49 libcurl libcurl wrote:
> I'd really like the ability to pass CA information for validating SSL
> connections directly to libcurl from memory, instead of having the
> information read from a file.
>
> I see that there was a discussion back in 2006 regarding this here:
> http://curl.haxx.se/mail/lib-2006-03/0013.html

Here is a more recent one:
http://curl.haxx.se/mail/lib-2010-08/0027.html

> But, looking at the most recent libcurl API, I don't see any way to do
> this. Am I missing something, or is it still yet to be implemented?

Have you looked at this example?
http://curl.haxx.se/libcurl/c/cacertinmem.html

> As an aside, the default curl-ca-bundle.crt file on my machine is about
> 240K - does libcurl (or openssl) re-read this file every time I make a new
> SSL connection?

Not sure about openssl. With NSS, it's re-read per connection as long as you
use a legacy CA bundle in a file. As an alternative, you can use an NSS database,
which I believe is somehow optimized in this aspect.

Kamil
Received on 2010-09-16