cURL / Mailing Lists / curl-library / Single Mail


digging into the tutorial as well as example cacertinmem.c

From: Dennis Clarke <>
Date: Mon, 11 Mar 2013 21:37:26 -0400

I think SSL may be a big baffling to me as the term "CA Cert" gets used a lot
but I am not to clear where libcurl looks to find these CA's.

The sample code cacertinmem.c compiles neatly and I tried to replace the
contents of the "char * mypem" variable with pem contents I extracted
using openssl :

openssl s_client -connect -CApath /usr/local/ssl/certs -showcerts

I get lovely looking somewhat like :

depth=2 O =, OU = incorp. by ref. (limits liab.), OU = (c) 1999 Limited, CN = Certification Authority (2048)
verify return:1
depth=1 C = US, O = "Entrust, Inc.", OU = is incorporated by reference, OU = "(c) 2009 Entrust, Inc.", CN = Entrust Certification Authority - L1C
verify return:1
depth=0 C = US, ST = New York, L = New York, O = Some Company Name, CN =
verify return:1

So that looks quite nice.

I am thinking, based on the docs for curl_easy_setopt, that I can set a filename via CURLOPT_SSLCERT that contains a bundle of PEM data with the required PEM goodness
in it like so :

$ cat /usr/local/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem \
> /usr/local/ssl/certs/Entrust.net_Secure_Server_CA.pem \
> /usr/local/ssl/certs/Entrust_Root_Certification_Authority.pem > Entrust_bundle

Then somehow, magically, watch libCurl use that as the place to look for a CA Cert.

Am I on the right path here ?


List admin:
Received on 2013-03-12