curl / Mailing Lists / curl-library / Single Mail


Re: Unable to compile curlx.c with OpenSSL 1.1.0

From: Peter Sylvester via curl-library <>
Date: Fri, 15 Dec 2017 10:23:05 +0100

On 12/15/2017 05:45 AM, Krishnaraj wrote:
> On 12/13/2017 2:41 PM, Krishnaraj wrote:
>> On 12/13/2017 1:22 PM, Daniel Stenberg wrote:
>>> Sure, but that man page I linked to also describes other functions so I was sort of hoping that
>>> would get you started in trying out what works for you.
>>> X509_STORE_CTX_get0_cert() sounds like it might be the better choice.
>> I will try and let you know which one is working. :-)
> X509_STORE_CTX_get0_cert() is the correct function.
Indeed, I am sorry for this. I could have corrected this about 10 years ago or so.

For info: OpenSSL started to make all internal structures opaque but hesitated
for a long time to activate this behaviour.
One can actually still include this internal structures but this is pretty ugly.

The program was made in order to be able,to use a veryt small footprint to access a server:

All information about the URL to go is inside the certs that are in the PKCS12, and
the server can provide a definitive URL in the call back.

by doing curl_easy_setopt(p->curl, CURLOPT_URL, accessinfo);
in the callback. This works becaus the http request has not yet been prepared
because Daniel had accepted a small modification almost 15 years ago.

Have fun.

Received on 2017-12-16