curl-library
Re: Connecting using client certificates
Date: Mon, 21 Mar 2011 18:49:05 +0100
On Mon, Mar 21, 2011 at 17:56, plot.lost <plot.lost_at_gmail.com> wrote:
> I thought the CURLOPT_CAINFO / CAPATH was used for specifying certificates
> that are used by curl to verify the server certificate, not anything that
> are used as part of the client certificate processing.
Ah, it kind of depends. But if you can use PKCS12...
> I've tried building a pkcs12 file that contains the client certificate and
> the relevant CA/Root certificates, and then converted that back into a
> single PEM file. That gets a PEM file that is different to the usual method
> of just sticking the certificates together - there are additional elements
> before each certificate (Bag Attributes, subject and issuer) but that is
> also rejected by the server.
...then it's probably easiest to use that. Here is what you do:
1. Set CURLOPT_SSLCERT to the filename of the .p12
2. Set CURLOPT_SSLCERTTYPE to the string "P12"
That should be all, libcurl will set up the CA chain for you.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-03-21