cURL / Mailing Lists / curl-library / Single Mail

curl-library

SSL certificates

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sat, 1 Sep 2012 22:52:27 +0200 (CEST)

On Sat, 1 Sep 2012, Sidde Gowda wrote:

Please start a new thread with a proper subject when there's no relation to
the old topic anymore.

> I have another question related to SSL to get the same crl over https
> connection. What I have understood from cURL manuals is that I need 3
> certificates. One from CA, one from server we want to connect to and one for
> client to connect (if server needs client verification).

The "one from CA" is usually a whole set from all the CAs you trust - the ca
cert bundle. The one from the server is requested at SSL negotiation time,
nothing you need to bother about very much.

> In my setup, both CA and server are same.

You mean you have a self-signed certificate in the server?

> So, I can use same CA signed certifcate for both CA as well as server
> certificates but need to generate one for client.

I don't understand. Are you talking about creating a client certificate?

> Also I have understood that i do not need anything to handle in
> ssl_ctx_function since libcurl do the verification.

libcurl will verify the server certificate automatically, and you instead have
to switch that off if that isn't what you want.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2012-09-01

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: [curl] curl_multi_fdvec (#38)"
Previous message: Sidde Gowda: "RE: Port from URI is not taken"
In reply to: Sidde Gowda: "RE: Port from URI is not taken"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]