curl-library

Re: Connecting using client certificates

From: Ben Noordhuis <info_at_bnoordhuis.nl>
Date: Mon, 21 Mar 2011 18:49:05 +0100

On Mon, Mar 21, 2011 at 17:56, plot.lost <plot.lost_at_gmail.com> wrote:
> I thought the CURLOPT_CAINFO / CAPATH was used for specifying certificates
> that are used by curl to verify the server certificate, not anything that
> is used as part of the client certificate processing.

Ah, it kind of depends. But if you can use PKCS12...

> I've tried building a pkcs12 file that contains the client certificate and
> the relevant CA/Root certificates, and then converted that back into a
> single PEM file. That gets a PEM file that is different to the usual method
> of just sticking the certificates together - there are additional elements
> before each certificate (Bag Attributes, subject and issuer) but that is
> also rejected by the server.

...then it's probably easiest to use that. Here is what you do:

1. Set CURLOPT_SSLCERT to the filename of the .p12
2. Set CURLOPT_SSLCERTTYPE to the string "P12"

That should be all; libcurl will set up the CA chain for you.
Received on 2011-03-21
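
A check for the .p12 route described in the reply above, as an added example that is not part of the original mail: it builds a throwaway bundle with the openssl tool, confirms that it carries the private key, the client certificate and the CA certificate, and prints the curl command-line equivalents of the two options. All file names, subjects and the password are constructed, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example: throwaway keys, names and password, constructed for illustration.
set -eu

# make_p12 DIR PASS: create a test CA and a client cert signed by it, then bundle
# client key + client cert + CA cert into DIR/client.p12.
make_p12() {
    dir=$1; pass=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example-client" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/client.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$dir/client.key" -in "$dir/client.pem" \
        -certfile "$dir/ca.pem" -passout "pass:$pass" -out "$dir/client.p12"
}

# p12_cert_count FILE PASS: number of certificates in the bundle (leaf + chain).
# Prints 0 and returns non-zero if the password is wrong or the file is unreadable.
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# p12_has_key FILE PASS: succeeds if the bundle carries a private key.
# The key is only piped to grep, never written to disk.
p12_has_key() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# curl_p12_args FILE PASS: curl tool equivalents of the two libcurl options:
# --cert sets CURLOPT_SSLCERT, --cert-type sets CURLOPT_SSLCERTTYPE.
# A password passed this way shows up in the process list; this one is throwaway.
curl_p12_args() {
    printf '%s\n' "--cert $1:$2 --cert-type P12"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_p12 "$tmp" constructed-pass
echo "certificates in bundle: $(p12_cert_count "$tmp/client.p12" constructed-pass)"
p12_has_key "$tmp/client.p12" constructed-pass && echo "private key present"
echo "curl $(curl_p12_args "$tmp/client.p12" constructed-pass) https://server.example/"
```

A count of 1 means the bundle holds only the client certificate, so no CA chain is available from the file.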