curl-library

Re: Using a client certificate when doing SSL

From: Camille Moncelier <moncelier_at_devlife.org>
Date: Tue, 2 Feb 2010 10:34:54 +0100

If you need a temporary solution you can use CURLOPT_SSL_CTX_FUNCTION:

#include <curl/curl.h>
#include <openssl/ssl.h>

/* Called by libcurl with the SSL_CTX it is about to use for the connection */
CURLcode curl_ssl_ctx_function(CURL * curl, void * sslctx, void * parm) {
  SSL_CTX * ctx = (SSL_CTX *) sslctx;
  // Play with SSL Context
  return CURLE_OK ;
}

/* Then, where the easy handle is set up: */
curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, curl_ssl_ctx_function);
curl_easy_setopt(curl, CURLOPT_SSL_CTX_DATA, NULL);

On Mon, Feb 1, 2010 at 11:16 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Thu, 28 Jan 2010, Adrian Michel wrote:
>
>> My app uses libcurl to make https requests based on this example
>> http://curl.haxx.se/libcurl/c/https.html and I do not use a client side
>> certificate. My goal is not to authenticate the server, as I also control
>> the server side, but to ensure the requests and responses are encrypted. I'm
>> wondering though if not having a client side certificate could make the
>> application less secure, or have any other unintended consequences.
>>
>
> No, it won't make your client-side less secure, it will possibly make the
> server-side less sure of who's really communicating with it.
>
> There's no additional encryption or anything going on when you use a client
> certificate, it is "just" an added certificate.
>
>
>> Also, when using a client certificate with libcurl, is there a way to pass
>> it from memory instead of a file? Or is it required by the standards that
>> the cert must be in a file? It would make deployment simpler if the cert was
>> in a resource inside the executable.
>>
>
> I agree that it would be nifty to have such a way, but we have no such API
> (yet). It has been asked for before, so I'm sure you're not alone in wanting
> that ability. You up to working to get it introduced?
>
> --
>
> / daniel.haxx.se
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

-- 
Camille Moncelier
http://devlife.org/
If Java had true garbage collection, most programs would
delete themselves upon execution.

Received on 2010-02-02