curl-library
Using certificates created from Windows certificate store
Date: Tue, 13 Mar 2012 11:22:33 -0700
Hi everyone,
I've been trying to remove the requirement of having to bundle a
certificate file, as described here [http://curl.haxx.se/docs/caextract.html],
by using the appropriate methods from openSSL to extract certificates from
the Windows certificate store. However, when trying to replace the
ca-bundle.crt with the file that my code creates, curl throws me an error:
Error: [77] - error setting certificate verify locations:
CAfile: C:\Program Files\Client\ca-bundle.crt
CApath: none
Any idea of what I could be missing here? I'll briefly describe what I'm
doing below so that readers have a clearer picture:
1. Use the crypt32 API to open the certificate store and iterate through
the installed certificates. Of these, I only use the ones with "Enhanced
Key Usage" is Client Authentication or Server Authentication or All (i.e.
discarding those with timestamp signing, etc), and of course those which
aren't expired.
2. Use the X.509 and PEM API from openSSL to decode these certificates and
write the public key portion of them to the generated file.
Any ideas? I really doubt that Windows-bundled certificates (they come from
Verisign, Thawte, etc) aren't valid for common use. If this works, it would
nicely eliminate the pain of having to bundle up certificate files with
apps using cURL and I'd be happy to share the complete code.
Thanks!
-- Alex Loukissas Member of Technical Staff - Maginatics, Inc. www.maginatics.com
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-03-13