curl-library
Re: libcurl with client ssl certificate
Date: Sun, 19 Aug 2012 19:57:02 +0200 (CEST)
On Sun, 19 Aug 2012, Ralph Mitchell wrote:
>> static const char *pCertFile = "cert.pem";
>>> static const char *pCACertFile="cert.pem";
>>
>> This seems like a highly unlikely scenario. The same file, really?
>
> A self-signed cert would be its own CA cert, so it's possible.
But the pCertFile is the SSL _client_ cert. It would mean that he uses the
client cert file to verify the server cert and still also use that to
authenticate to the server. It might be possible, but my money is on a mistake
or misunderstanding somewhere.
> so the key would need to be in the same file too. The one thing that I'm
> not sure about is the compiled program reporting:
>
> * found 142 certificates in /etc/ssl/certs/ca-certificates.crt
>
> when it *should* be looking for CA certs in the file designated by
> pCACertFile. Does libcurl automatically look in ca-certificates as well as
> any file you designate?
Very good remark there! No, libcurl will in that case only use the single file
specified in the setopt. It would indicate that he actually has 142
certificates in the file. That also hints that it isn't a client cert at
all...
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2012-08-19