curl-library
Re: libcurl with client ssl certificate
Date: Sat, 18 Aug 2012 18:50:58 -0400
On Sat, Aug 18, 2012 at 5:52 PM, Chris Baylis <chrisbay90_at_gmail.com> wrote:
> Hello,
>
> I am trying to use libcurl in C to connect a site that uses client SSL
> authentication.
> I can acheive this task with curl, but not libcurl.
>
> Successful example with curl
> $ curl -vv -E cert.pem https://someURL
> * About to connect() to someURL port 443 (#0)
> * Trying 1.2.3.4... connected
> * Connected to someURL (1.2.3.4) port 443 (#0)
> Enter PEM pass phrase:
> * successfully set certificate verify locations:
> * CAfile: none
> CApath: /etc/ssl/certs
> ....
> ....
> ...
> Webpages dowloads succesfully and I can see some debuging output I added in
> PHP verifying that the client certificate was used.
>
> I have taken the simplessl.c example from the your site and changed only
> the
> following lines so far.
>
> const char *pPassphrase = "<PASSWORD SET HERE>";
> static const char *pCertFile = "cert.pem";
> static const char *pCACertFile="cert.pem";
> pKeyName = "cert.pem";
> pKeyType = "PEM";
> pEngine = NULL;
> curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
>
> The result of this is as follows
> $ gcc -lcurl simplessl.c
> $ ./a.out
> * About to connect() to https://someURL port 443 (#0)
> * Trying 1.2.3.4... * connected
> * Connected to someURL (1.2.3.4) port 443 (#0)
> * found 142 certificates in /etc/ssl/certs/ca-certificates.crt
> * error reading X.509 key or certificate file
> * Closing connection #0
> * SSL connect error
> curl_easy_perform() failed: SSL connect error
Does your cert.pem contain the chain of CA certs that signed your client
certificate?
You have a working command-line already, so you can use the --libcurl
option to get the equivalent source file (with the exception of formpost
stuff as mentioned in the man page):
curl --libcurl myCurlSsl.c -w -E cert.pem https://some.site.com
Ralph Mitchell
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-08-19