cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: libcurl with client ssl certificate

From: Ralph Mitchell <ralphmitchell_at_gmail.com>
Date: Mon, 20 Aug 2012 07:42:46 -0400

On Mon, Aug 20, 2012 at 2:14 AM, Chris Baylis <chrisbay90_at_gmail.com> wrote:

> Thank you all for your input. It lead me to a little investigation and
> as it turns out I didn't know what I was doing with the keys.
> Originally the client key was signed by the client itself. I now have
> client keys, signed by the web server. And can run simplessl.c with my
> keys and curl_easy_setopt(curl,CURLOPT_CAINFO,pCACertFile) disabled.
> Curious though how `curl -E cert url` worked in the original
> scenerario when simplessl.c did not.

Judging by the outputs in your original email, command-line curl was
looking in the /etc/ssl/certs *directory* for a CA cert to validate the
server, whereas the compiled program was looking either in the
 /etc/ssl/certs/ca-certificates.crt *file* (as shown in the output), or in
the cert.pem *file* (as shown in the source snippet). So, maybe the CA
cert for your server is sitting in the directory, but is not appended to
whichever file was read?

Ralph Mitchell

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-08-20