
curl-library

Re: Libcurl - client SSL authentication with native windows crypto - is it possible?

From: Jan Ehrhardt <phpdev_at_ehrhardt.nl>
Date: Tue, 02 Jul 2013 19:13:21 +0200

Nick Zitzmann in gmane.comp.web.curl.library (Tue, 2 Jul 2013 09:52:52
-0600):
>On Jul 1, 2013, at 5:25 PM, Vladimir Ch. <cctv.star_at_gmail.com> wrote:
>
>> I'm using libcurl on Windows, I need to implement client-side SSL
>>authentication. The catch is, client certificate, used for
>>authentication, is marked as non-exportable. It means, that I cannot
>>export it and feed to, say, OpenSSL - I need to make libcurl use native
>>Windows crypto (WinSSL / SecureChannel / whatever it's called).
>>
>> Is it possible?
>
>Unfortunately no, or at least not yet.

Why not? There is a compile option WITH_WINSSL=static. With OpenSSL:

curl 7.31.0 (i386-pc-win32) libcurl/7.31.0 OpenSSL/1.0.1e
zlib/1.2.8 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3
pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM SPNEGO SSL SSPI
libz

This curl.exe needs a bundle of keys.

curl: (60) SSL certificate problem: unable to get local issuer
certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.

But this one:

curl 7.31.0 (i386-pc-win32) libcurl/7.31.0 WinSSL zlib/1.2.8 WinIDN
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3
pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM SPNEGO SSL
SSPI libz

retrieves a https URL without any complaints. It must be using the
system certificates.

Compile statement:

nmake /f makefile.vc mode=static VC=9 MACHINE=x86
WITH_DEVEL=../../win32build USE_IDN=yes WITH_WINSSL=static
WITH_ZLIB=static

The libcurl_a.lib should do the trick as well, I think.

Jan

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-07-02
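
An added example, not part of the original message and not code from the curl project: a small Python parser for the `curl -V` banner that reports which TLS backend a build was compiled with, run on the two banners quoted above (wrapped lines re-joined). The function names and the trust-source descriptions are assumptions of this example, taken from what the message describes.

```python
import re

# The two `curl -V` banners quoted in the message, with wrapped lines re-joined.
OPENSSL_BUILD = """\
curl 7.31.0 (i386-pc-win32) libcurl/7.31.0 OpenSSL/1.0.1e zlib/1.2.8 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM SPNEGO SSL SSPI libz
"""
WINSSL_BUILD = """\
curl 7.31.0 (i386-pc-win32) libcurl/7.31.0 WinSSL zlib/1.2.8 WinIDN
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM SPNEGO SSL SSPI libz
"""

# Only the two backends named in this thread; where each finds its trust
# anchors is as described in the message (assumption of this example).
TRUST_SOURCE = {
    "OpenSSL": "CA bundle file (default bundle or --cacert)",
    "WinSSL": "Windows system certificate store",
}

def parse_banner(text):
    """Split a `curl -V` banner into version, components, protocols, features."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    head = re.match(r"curl (\S+) \(([^)]+)\) (.+)$", lines[0])
    if head is None:
        raise ValueError("not a curl -V banner: %r" % lines[0])
    components = {}
    for token in head.group(3).split():
        name, _, version = token.partition("/")
        components[name] = version or None  # e.g. WinSSL carries no version
    info = {"version": head.group(1), "platform": head.group(2),
            "components": components, "protocols": set(), "features": set()}
    for line in lines[1:]:
        key, sep, rest = line.partition(":")
        if sep and key.lower() in ("protocols", "features"):
            info[key.lower()] = set(rest.split())
    return info

def tls_backend(info):
    """Return the TLS backend named in the banner, or None if unrecognised."""
    return next((n for n in info["components"] if n in TRUST_SOURCE), None)

if __name__ == "__main__":
    for label, banner in (("OpenSSL", OPENSSL_BUILD), ("WinSSL", WINSSL_BUILD)):
        backend = tls_backend(parse_banner(banner))
        print(label, "build ->", backend, "/", TRUST_SOURCE.get(backend, "unknown"))
```

Checking the banner before deployment tells you which trust store a given curl.exe will consult, which is the difference between the two builds in the message.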