
curl-library

curl, PKCS12 certificate from memory buffer , openssl and darwin (apple) ssl

From: Gilles Vollant <vollant.g_at_gmail.com>
Date: Tue, 19 Jul 2016 11:50:09 +0200

Hello,

I have an application which uses curl to download from an https server, with
a PKCS12 client certificate from a memory buffer.

It runs fine when compiling my application with curl and openssl, with a callback
for creating the certificate object from memory (see below).

Under Apple (mac and ios), I did not find a solution.

We probably need to replace the execution of the function CopyIdentityFromPKCS12File
in darwinssl.c, which contains CFURLCreateDataAndPropertiesFromResource, and
just use CFDataCreateWithBytesNoCopy instead.

But is it possible using a callback without modifying darwinssl.c?

--
For info, here is my code with curl+openssl:

#include <stdio.h>
#include <curl/curl.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pkcs12.h>

/* everything extracted from the PKCS12 buffer, handed to the callback via CURLOPT_SSL_CTX_DATA */
typedef struct
{
    EVP_PKEY *pkey;
    X509 *cert;
    STACK_OF(X509) *ca;
    PKCS12 *p12;
} CertColl;

static CURLcode sslctx_p12_function(CURL *curl, void *sslctx, void *parm)
{
    CertColl *certColl = (CertColl *)parm;
    SSL_CTX *ctx = (SSL_CTX *)sslctx;
    (void)curl;

    /* install the client certificate parsed from the in-memory PKCS12 */
    if(SSL_CTX_use_certificate(ctx, certColl->cert) != 1) {
        fprintf(stderr, "unable to use certificate from PKCS12 buffer\n");
        return CURLE_FAILED_INIT;
    }

    /* and its private key; OpenSSL rejects a key that does not match the certificate */
    if(SSL_CTX_use_PrivateKey(ctx, certColl->pkey) != 1) {
        fprintf(stderr, "unable to use private key from PKCS12 buffer\n");
        return CURLE_FAILED_INIT;
    }

    return CURLE_OK;
}

/////

In my download code, with curl_handle, and the certificate in a buffer (const void
*certificateData, size_t certificateSize, const char *certificatePassword):

    CertColl certColl;
    certColl.pkey = NULL;
    certColl.cert = NULL;
    certColl.ca = NULL;
    certColl.p12 = NULL;

    if((certificateData != NULL) && (certificateSize > 0)) {
        /* wrap the DER-encoded PKCS12 blob in a read-only memory BIO; no copy is made */
        BIO *bp = BIO_new_mem_buf((void *)certificateData, (int)certificateSize);

        certColl.p12 = d2i_PKCS12_bio(bp, NULL);
        BIO_free(bp);

        /* the CA chain (last argument) is intentionally not extracted here */
        if(certColl.p12 == NULL ||
           !PKCS12_parse(certColl.p12, certificatePassword, &certColl.pkey,
                         &certColl.cert, NULL /* &certColl.ca */)) {
            fprintf(stderr, "unable to decode PKCS12 buffer (bad data or password)\n");
            ERR_print_errors_fp(stderr);
        }
        else {
            curl_easy_setopt(curl_handle, CURLOPT_SSL_CTX_FUNCTION, sslctx_p12_function);
            curl_easy_setopt(curl_handle, CURLOPT_SSL_CTX_DATA, &certColl);
        }
    }

    // do the download work with curl_handle

    /* certColl must outlive the transfer: the callback runs inside curl_easy_perform() */
    if(certColl.pkey != NULL)
        EVP_PKEY_free(certColl.pkey);
    if(certColl.cert != NULL)
        X509_free(certColl.cert);
    if(certColl.ca != NULL)
        sk_X509_pop_free(certColl.ca, X509_free);
    if(certColl.p12 != NULL)
        PKCS12_free(certColl.p12);
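For the Darwin side, the following is an added illustration of the buffer-based load sketched in the mail; it is not code from the mail or from curl's darwinssl.c. The helper name CopyIdentityFromPKCS12Buffer and its signature are assumptions; SecPKCS12Import, CFDataCreateWithBytesNoCopy and the kSecImport* keys are the Security/CoreFoundation APIs. It only covers turning an in-memory PKCS12 into a SecIdentityRef, which is the step the mail says should replace the CFURL-based file read; how that identity would be handed to curl's Darwin backend remains the open question of the mail.

```objective-c
#include <string.h>
#include <CoreFoundation/CoreFoundation.h>
#include <Security/Security.h>

/* Hypothetical helper (not from curl): build a SecIdentityRef from a PKCS#12
 * blob that is already in memory, instead of from a file path.
 * kCFAllocatorNull makes CFDataCreateWithBytesNoCopy wrap the caller's buffer
 * without copying or freeing it, so the buffer must stay alive until we return. */
static OSStatus CopyIdentityFromPKCS12Buffer(const void *p12, size_t p12len,
                                             const char *password,
                                             SecIdentityRef *out_identity)
{
    OSStatus status = errSecParam;
    CFDataRef data = NULL;
    CFStringRef pass = NULL;
    CFDictionaryRef options = NULL;
    CFArrayRef items = NULL;

    *out_identity = NULL;
    if(!p12 || p12len == 0)
        return errSecParam;

    data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, (const UInt8 *)p12,
                                       (CFIndex)p12len, kCFAllocatorNull);
    if(!data)
        return errSecAllocate;

    /* SecPKCS12Import takes the passphrase as a CFString under kSecImportExportPassphrase */
    pass = CFStringCreateWithCString(kCFAllocatorDefault, password ? password : "",
                                     kCFStringEncodingUTF8);
    if(pass) {
        const void *keys[] = { kSecImportExportPassphrase };
        const void *values[] = { pass };
        options = CFDictionaryCreate(kCFAllocatorDefault, keys, values, 1,
                                     &kCFTypeDictionaryKeyCallBacks,
                                     &kCFTypeDictionaryValueCallBacks);
    }

    if(options) {
        status = SecPKCS12Import(data, options, &items);
        if(status == errSecSuccess && items && CFArrayGetCount(items) > 0) {
            /* each item is a dictionary; the identity (cert + key) sits under kSecImportItemIdentity */
            CFDictionaryRef first = (CFDictionaryRef)CFArrayGetValueAtIndex(items, 0);
            SecIdentityRef identity =
                (SecIdentityRef)CFDictionaryGetValue(first, kSecImportItemIdentity);
            if(identity) {
                CFRetain(identity);   /* the caller owns the returned reference */
                *out_identity = identity;
            }
            else {
                status = errSecItemNotFound;
            }
        }
        else if(status == errSecSuccess) {
            status = errSecItemNotFound;   /* import succeeded but produced no identity */
        }
    }

    if(items) CFRelease(items);
    if(options) CFRelease(options);
    if(pass) CFRelease(pass);
    CFRelease(data);
    return status;
}
```

A wrong passphrase surfaces as a non-zero OSStatus from SecPKCS12Import rather than as a NULL identity, so callers should check the status before touching out_identity, and must CFRelease the identity when done with it.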

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-07-19