Download
Browse source Changelog
Documentation
Project   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: CURLOPT_SSL_CTX_FUNCTION for mbedTLS missing

From: Ales Mlakar <jazzbre_at_gmail.com>
Date: Mon, 20 Feb 2017 09:05:20 +0100

Ok, the only problem I see here is that OpenSSL actually has a single
context where you can add everything to it etc, whereas mbedTLS would
probably need to push mbedtls_ssl_config* config, mbedtls_x509_crt
*cacert, mbedtls_x509_crt* clicert, mbedtls_x509_crl* crl,
mbedtls_pk_context* pk into the callback function, which is kind of messy.
I just push mbedtls_x509_crt *cacert right now because I only need that.

Like:
static CURLcode AddCertificatesFunction(CURL* curl, void* sslctx, void*
parm) {

     const char* testpem = "-----BEGIN CERTIFICATE-----\n"

...

                      "-----END CERTIFICATE-----\n";

    mbedtls_x509_crt* cacert = static_cast<mbedtls_x509_crt*>(sslctx);

    int ret = mbedtls_x509_crt_parse(cacert, (const unsigned char*)
testpem, (size_t)(strlen(testpem) + 1));

    return CURLE_OK;

}

Used from:

res = curl_easy_setopt(curl_, CURLOPT_SSL_CTX_FUNCTION,
*SSL_AddCertificatesFunction);
Regards,
Ales

On Sat, Feb 18, 2017 at 11:56 PM, Ray Satiro via curl-library <
curl-library_at_cool.haxx.se> wrote:

> On 2/18/2017 2:34 PM, Ales Mlakar wrote:
> > I was using CURLOPT_SSL_CTX_FUNCTION to load the ca certs from memory
> > with OpenSSL and I want to use the same on mbedTLS.
> > Is there any reason this is not implemented?
> > I've added it and it works, I can make a pull request or whatever you
> > guys do If you want, just say the word.
>
> Just lack of interest I suspect. That option was intended to modify the
> configuration options though not the actual SSL object, and I'm not sure
> what effect it would have just modifying an mbedtls config. I think the
> mbedTLS CTX is actually the equivalent of what the SSL object is in
> OpenSSL, and probably mbedtls_ssl_config is the equivalent of OpenSSL's
> CTX? In CURLINFO_TLS_SSL_PTR [1] we are returning a pointer to
> mbedtls_ssl_context so that's why I think their context is SSL obj.
> Anyway.. sure, make a PR and someone will take a look.
>
>
> [1]: https://curl.haxx.se/libcurl/c/CURLINFO_TLS_SSL_PTR.html
>
>
>
> -------------------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
> Etiquette: https://curl.haxx.se/mail/etiquette.html

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-02-20