Re: using CURLOPT_SSLCERT with self-signed certificate or non-ca-signed certificates
Date: Sat, 30 May 2020 20:18:47 -0400
On Sat, May 30, 2020 at 11:54 AM Nicolas Mora via curl-library
<curl-library_at_cool.haxx.se> wrote:
>
> I'm trying to use self-signed client certificates in TLS handshakes
> between libcurl and libmicrohttpd.
>
> So far I'm not able to retrieve the client certificate on the server
> side if the client certificate isn't signed by the server CA. I try to
> narrow down where the limitation comes from.
>
> Is it possible with libcurl to use a self-signed client certificate?
> CURLOPT_SSLCERT documentation doesn't provide information about that.

Origin Bound Certificates are the "tear-off" certificates that are
produced on demand by the client
(http://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final162.pdf).
I think it is currently called Token Binding under IETF
(https://tools.ietf.org/html/draft-ietf-tokbind-protocol). I am not
sure how closely Token Binding follows Origin Bound Certificates.

Jeff
Received on 2020-05-31