
curl-library

Re: [DKIM] How to send intermediate certificate?

From: Jun Sun via curl-library <curl-library_at_cool.haxx.se>
Date: Sat, 6 Apr 2019 19:43:14 -0700

Wow! It was actually pretty easy to use a pkcs12 file directly with libcurl.
As expected, libcurl/openssl will automatically send any intermediate
certificates from the pkcs12 file.

I modified simplessl.c file a little bit. Here are the relevant lines I
used, which hopefully can help others looking for the same information.

Jun

    curl = curl_easy_init();
    curl_easy_setopt(curl, CURLOPT_URL, "https://your.host.com");
    curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);
    curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "P12");
    curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);
    // the password for key used by pkcs12 file (for the key)
    curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase);

    // disable server verification because we did not set up ca cert
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);

    res = curl_easy_perform(curl);

On Fri, Apr 5, 2019 at 9:57 AM Jun Sun <jsun_at_junsun.net> wrote:

> Thanks for pointing it out!
>
> It looks like libcurl will automatically send intermediate certs from
> pkcs12 file. This is actually the exact case of mine! So far I have been
> parsing pkcs12 file myself and read those certs/key into memory. It looks
> like there is an easier way to use libcurl directly parsing pkcs12 file.
>
> Is there an existing example I can try that approach?
>
> Jun
>
> On Fri, Apr 5, 2019 at 2:26 AM Zakrzewski, Jakub via curl-library <
> curl-library_at_cool.haxx.se> wrote:
>
>>
>> ------------------------------
>> *From:* curl-library <curl-library-bounces_at_cool.haxx.se> on behalf of
>> Jun Sun via curl-library <curl-library_at_cool.haxx.se>
>>
>> > I have followed the example of using user certificate in memory,
>> https://curl.haxx.se/libcurl/c/usercertinmem.html , and it worked great!
>>
>> > In my environment, however, we have an intermediate CA and the client
>> needs to send its certificate to server as well. How do I do that?
>>
>>
>> I guess you have to work with OpenSSL function
>> like SSL_CTX_add_extra_chain_cert.
>>
>> libcurl seems to use it also:
>> https://github.com/curl/curl/blob/efd9fba68189c70c2a48d9726b25df25ba87fcd0/lib/vtls/openssl.c#L799
>>
>> -------------------------------------------------------------------
>> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
>> Etiquette: https://curl.haxx.se/mail/etiquette.html
>
>

Received on 2019-04-07
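
Added example (not part of the original thread and not curl's own code): with the P12 setup shown in the message above, the intermediates libcurl sends come from the PKCS#12 file, so this check confirms that a bundle carries enough of the chain for the client certificate to verify up to a given root. It uses the openssl command-line tool; the function names, file names, subjects and the passphrase "demo" are assumptions, and the PKI it builds is constructed test data.

```shell
#!/bin/sh
# Added example: every file name, subject and passphrase here is constructed.

# p12_chain_ok P12 PASS ROOT
# Succeeds only if the client certificate in P12 verifies up to ROOT using
# just the extra certificates carried in the same bundle.
p12_chain_ok() {
    t=$(mktemp -d) || return 2
    rc=0
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts \
        -out "$t/leaf.pem" 2>/dev/null &&
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -cacerts \
        -out "$t/extra.pem" 2>/dev/null &&
    openssl verify -CAfile "$3" -untrusted "$t/extra.pem" \
        "$t/leaf.pem" >/dev/null 2>&1 || rc=$?
    rm -rf "$t"
    return "$rc"
}

# make_demo_pki DIR
# Builds a throwaway root -> intermediate -> client chain in DIR, then
# full.p12 (client + intermediate) and bare.p12 (client only).
make_demo_pki() (
    cd "$1" || exit 1
    exec >/dev/null 2>&1
    echo 'basicConstraints=critical,CA:TRUE' > ca.ext
    new_csr() {  # new_csr NAME CN: fresh key and signing request
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
            -keyout "$1.key" -out "$1.csr"
    }
    new_csr root "Demo Root" && new_csr int "Demo Intermediate" &&
    new_csr leaf "demo-client" &&
    openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
        -days 1 -out root.pem &&
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key \
        -CAcreateserial -extfile ca.ext -days 1 -out int.pem &&
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key \
        -CAcreateserial -days 1 -out leaf.pem &&
    openssl pkcs12 -export -inkey leaf.key -in leaf.pem -certfile int.pem \
        -passout pass:demo -out full.p12 &&
    openssl pkcs12 -export -inkey leaf.key -in leaf.pem \
        -passout pass:demo -out bare.p12
)
```

Run `make_demo_pki` on an empty directory to get the two sample bundles, then call `p12_chain_ok` on each with `root.pem`: full.p12 passes and bare.p12 fails because the intermediate is missing.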