cURL
Haxx ad
libcurl

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-library Mailing List Archives

SSL Client authentication

From: Eric Rautman <erautman_at_email.com>
Date: Tue, 17 Apr 2001 16:09:56 -0400 (EDT)

A question about client authentication using libcurl's
curl_easy_setopt(curl, CURLOPT_SSLCERT, crtfile) function.

the documentation mentions that 'crtfile' must contain the concatenation of
the private key and the cert itself.

Does this concatenated file need to be stored at the server? If so, isn't
this a serious security risk? I thought the idea behind asymmetric
encryption was to keep the private key at the host, not distribute it with
the cert.

Or is the cert stored at the server without the private key concat'ed? Does
libcurl send this concat'ed file to the server at client authentication
time, or just the cert itself?

Thanks,
Eric

-----------------------------------------------
FREE! The World's Best Email Address @email.com
Reserve your name now at http://www.email.com

_______________________________________________
Curl-library mailing list
Curl-library_at_lists.sourceforge.net
http://lists.sourceforge.net/lists/listinfo/curl-library
Received on 2001-04-17

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET