curl-library
Re: SSL/TLS support using Windows SSPI Schannel API
Date: Mon, 9 Apr 2012 22:40:14 +0200
2012/4/9 Gisle Vanem <gvanem_at_broadpark.no>
> "Marc Hörsken" <info_at_marc-hoersken.de> wrote:
>
>> this weekend I took the time to create a new SSL/TLS module for libcurl.
>> It is now possible to use the Windows SSPI Schannel API for SSL and TLS
>> connections.
>>
>
> I looked at it briefly. I even built with your code easily w/o knowing
> anything about SSPI. No problems building it. I just added
> '-DUSE_WINDOWS_SSPI -DUSE_SCHANNEL' to my CFLAGS.
> PS. I accidentally had '-DUSE_OPENSSL' together with these. That caused
> troubles in urldata.h etc. Can you test for that and issue an #error
> message?

Thanks for that hint. I will try to add a check for other SSL libraries
and issue a warning, yes.

>> The great news behind all this is, that it is now possible to do SSL/TLS
>> with curl, but without openssl on Windows. This means that the Windows
>> certificate store is used and there are no other dependencies which need
>> to be installed.
>
> So, maybe a naive question. If OpenSSL isn't there to give us
> https-support in libcurl, is Windows SSPI/Schannel able to do it? From
> here, it doesn't look that way. Please, can you clarify?

Yes, that is basically the whole purpose of this. Schannel is a
replacement for other SSL/TLS implementations, like OpenSSL.
I am currently building it using the previously mentioned Makefile.vc in
winbuild/ and can successfully do HTTPS without OpenSSL.

Example version output of my customized curl version:

D:\Dev\curl\builds\libcurl-release-dll-ssl-schannel-ipv6-sspi\bin>curl -V
curl 7.25.1-DEV (i386-pc-win32) libcurl/7.25.1-DEV Schannel/1.0.0.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate Largefile NTLM SSL SSPI

And then you can just do the following, for example:
And it should work. At least it does for me. I will have to test a build
using autotools now.
I also just updated the source code again. It now checks if confidentiality
could actually be established.
Best regards,
Marc
Received on 2012-04-09