curl / Mailing Lists / curl-library / Single Mail


Re: [DKIM] How to send intermediate certificate?

From: Jun Sun via curl-library <>
Date: Sat, 6 Apr 2019 19:43:14 -0700

Wow! it was actually pretty easy to use pkcs12 file directly with libcurl.
As expected libcurl/openssl will automatically sends any intermediate
certificates from pkcs12 file.

I modified simplessl.c file a little bit. Here are the relevant lines I
used, which hopefully can help others looking for the same information.


     curl = curl_easy_init();
     curl_easy_setopt(curl, CURLOPT_URL, "");
     curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);
      curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "P12");
      curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);
      curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase); // the
password for key used by pkcs12 file (for the key)

     // disable server verification because we did not set up ca cert
     curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
      curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);

* res = curl_easy_perform(curl);*

On Fri, Apr 5, 2019 at 9:57 AM Jun Sun <> wrote:

> Thanks for pointing it out!
> It looks like libcurl will automatically send intermediate certs from
> pkcs12 file. This is actually the exact case of mine! So far I have been
> parsing pkcs12 file myself and read those certs/key into memory. It looks
> like there is an easier way to use libcurl directly parsing pkcs12 file.
> Is there an existing example I can try that approach?
> Jun
> On Fri, Apr 5, 2019 at 2:26 AM Zakrzewski, Jakub via curl-library <
>> wrote:
>> ------------------------------
>> *From:* curl-library <> on behalf of
>> Jun Sun via curl-library <>
>> > I have followed the example of using user certificate in memory,
>> , and it worked great!
>> > In my environment, however, we have an intermediate CA and the client
>> needs to sends its certificate to server as well. How do I do that?
>> I guess you have to work with OpenSSL function
>> like SSL_CTX_add_extra_chain_cert.
>> libcurl seems to use it also:
>> -------------------------------------------------------------------
>> Unsubscribe:
>> Etiquette:

Received on 2019-04-07