Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Client side Authentication query with libcrul
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Ray Satiro via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 25 Jul 2022 03:03:29 -0400
On 7/25/2022 2:49 AM, Minal Patil via curl-library wrote:
> I am looking to configure client side certificate validation in my
> libcurl based application communicating with https protocol.
>
> As per the documentation I need to configure the CURLOPT_SSLCERT
> attribute. Sample code available on its doc page says i need to
> configure below 3 attributes.
>
> curl_easy_setopt(curl, CURLOPT_SSLCERT, "client.pem");
> curl_easy_setopt(curl, CURLOPT_SSLKEY, "key.pem");
> curl_easy_setopt(curl, CURLOPT_KEYPASSWD, "s3cret");
>
> When using a client certificate, you most likely also need to provide
> a private key with CURLOPT_SSLKEY. It gives an impression that
> CURLOPT_SSLKEY is optional and not mandatory.
> So can you please clarify if it's really an optional attribute. In
> other words can i configure the application only to use a certificate
> and key is not required.
Whether SSLKEY is needed depends, please review the SSLCERT man pages.
[1][2] Some certificate files contain both the private and public key in
the same file, or the SSLCERT option can be set to a nickname or
certificate path for some SSL backends.
[1]: https://curl.se/libcurl/c/CURLOPT_SSLCERT.html
[2]: https://curl.se/libcurl/c/CURLOPT_SSLCERTTYPE.html
Date: Mon, 25 Jul 2022 03:03:29 -0400
On 7/25/2022 2:49 AM, Minal Patil via curl-library wrote:
> I am looking to configure client side certificate validation in my
> libcurl based application communicating with https protocol.
>
> As per the documentation I need to configure the CURLOPT_SSLCERT
> attribute. Sample code available on its doc page says i need to
> configure below 3 attributes.
>
> curl_easy_setopt(curl, CURLOPT_SSLCERT, "client.pem");
> curl_easy_setopt(curl, CURLOPT_SSLKEY, "key.pem");
> curl_easy_setopt(curl, CURLOPT_KEYPASSWD, "s3cret");
>
> When using a client certificate, you most likely also need to provide
> a private key with CURLOPT_SSLKEY. It gives an impression that
> CURLOPT_SSLKEY is optional and not mandatory.
> So can you please clarify if it's really an optional attribute. In
> other words can i configure the application only to use a certificate
> and key is not required.
Whether SSLKEY is needed depends, please review the SSLCERT man pages.
[1][2] Some certificate files contain both the private and public key in
the same file, or the SSLCERT option can be set to a nickname or
certificate path for some SSL backends.
[1]: https://curl.se/libcurl/c/CURLOPT_SSLCERT.html
[2]: https://curl.se/libcurl/c/CURLOPT_SSLCERTTYPE.html
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2022-07-25