cURL / Mailing Lists / curl-library / Single Mail


Using libCurl with SSL-certificates and CRLs properly

From: Christian Hägele <>
Date: Thu, 21 Mar 2013 15:59:45 +0100


I am trying to use libcurl with OpenSSL to establish SSL-connections to
different peers. I already managed to get a secure connection and I also
managed to use the cacert.pem-file properly.
I can download the CRL manually and point to its path via the
CURLOPT_CRLFILE option. That works fine when certificate is valid and also
properly denies connection when certificate is revoked or CRL is wrong/not

My problem is how to use the CRL properly. Because in a real world
scenario I don't have the right CRL already downloaded and ready to use
before I made the request. I have to download the CRL when I want to
establish a connection with a server the first time. Do I miss something
here? How can I get the CRL before I made the request? The URL to the CRL
is written in the server certificate.
I searched this mailing list and somebody had the same issue about 4 years
ago and the problem wasn't solved.

I am sure a lot of people use libcurl with OpenSSL and establish
SSL-Connections. But without a CRL-check the connection could be
compromised. So I hope somebody solved this problem already.



List admin:
Received on 2013-03-21