Thanks Daniel
Maybe as a start I would do it for ssl-lib

I am now trying to do it on the other way too (mutual authentication)
meaning client will upload a certificate from memory (not a file) and send it to the server.

Can you advise on that ?
has it been talked about in the past ? (didnt saw it :)

cheers

Itay

--------------------------------------------------------------------------------------------------------------
No, there doesn't exist anything like that - then the example code would've used it!

One little problem would be to make it SSL library agnostic so that it'd be possible to make the feature work with other libs than OpenSSL as well.

----- Original Message -----
To: "libcurl development" <curl-library_at_cool.haxx.se>
Sent: Tuesday, December 30, 2008 2:22:44 PM (GMT+0200) Auto-Detected
Subject: Re: Using certificate from memory

Hi Jeff

finally I got it.

I think there should be somthing more friendly though (maybe there is ... and I dont know about it )
e.g : this set --> will get a buffer with our certificate

url_easy_setopt(curl, CURLOPT_SSLVERIFY_FROM_MEM, buf);

and add it to X509 sturct.

Does it exist ?
If not maybe I will add it :)

Thanks again for the link.

Itay

----- Original Message -----
To: "libcurl development" <curl-library_at_cool.haxx.se>
Sent: Monday, December 29, 2008 3:59:53 PM (GMT+0200) Auto-Detected
Subject: Re: Using certificate from memory

Hi Jeff

Thanks for the help

I tried to use both advise I got from you and open-ssl guys
still have some problems to verify the certificate with CURL

using this code :
              
    

                curl_easy_setopt(curl, CURLOPT_URL, url);
                curl_easy_setopt(curl, CURLOPT_USERPWD, user_pwd);
                curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1);
                curl_easy_setopt(curl, CURLOPT_WRITEDATA, &serverdata);
                curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writeDataFunction);
                curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, writeHeaderFunction);
                curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);

        curl_easy_setopt(curl,CURLOPT_SSL_CTX_FUNCTION, &Connector::loadFromMemory);  //suppose to load the certificate
        curl_easy_setopt (curl, CURLOPT_SSL_VERIFYPEER, TRUE);

        
        ret = curl_easy_perform(curl);

..."

It behaves like no certificate has been uploaded to the database (looking for a file path ---> ret = 60)

It seems I am still doing something that makes it look for the certificate in a file though I already upload it from the memory

here is the function I am using (with a great help from opsn-ssl forum) :

//************************************************************
int    loadFromMemory(char *buf, int bufLen)
{
    BIO *bp = NULL;
    X509 *cert = NULL;

     #define retFree(x) do { \
        if(bp) \
            BIO_free(bp); \
        if(cert) \
            X509_free(cert); \
       return x; \
    } while(0);

    if(!buf || bufLen < 1)
        return 1;
      
    bp = BIO_new(BIO_s_mem());
    if(!bp)
        return 2;

    cert = X509_new();
    if(!cert)
        retFree(3);  

    if(!BIO_write(bp, buf, bufLen))
        retFree(4);  
  
    cert = PEM_read_bio_X509(bp, NULL, NULL);
    if(!cert) {
        BIO_free(bp);
        bp = BIO_new(BIO_s_mem());
        if(!bp)
            retFree(5);

        if(!BIO_write(bp, (char *) buf, bufLen))
            retFree(6);
  
       cert = d2i_X509_bio(bp, NULL);
   }

   BIO_free(bp);
 
   if(!cert)
       retFree(7);
  
   return 0;
}

//************************************************************

thanks for the help :)

Itay

----- Original Message -----
From: "Jeff Pohlmeyer" <yetanothergeek_at_gmail.com>
To: "libcurl development" <curl-library_at_cool.haxx.se>
Sent: Sunday, December 28, 2008 1:30:50 PM (GMT+0200) Auto-Detected
Subject: Re: Using certificate from memory

On Sun, Dec 28, 2008 at 1:56 AM, Itay Dagan <itay_at_yoggie.com> wrote:

> Can I load the certificate to curl structure from memory , instead of using
>  "curl_easy_setopt(curl,CURLOPT_CAINFO, "C://server_wrong.crt"); "

This might help:
  http://curl.haxx.se/lxr/source/docs/examples/cacertinmem.c

 - Jeff
Received on 2008-12-31