

Re: htts SSLRequire feature

From: Daniel Stenberg <>
Date: Sat, 12 Oct 2002 23:39:25 +0200 (MET DST)

On Sat, 12 Oct 2002, Xavier Jeannin wrote:

> I am trying to perform a connection to a Web application (like TUTOS, written
> in PHP) directly authenticated by my certificate. So I wrote a PHP program
> "logcertif.php" thanks to cURL that performs the login on TUTOS based on
> the information that I can collect in Apache environment variable on the
> user Certificate. cURL works fine if I use only SSL.

"only SSL" ?

> If I ask Apache for an "SSLRequire" order in the Apache configuration to select
> who can use TUTOS, it does not work.

Your PHP program uses curl to access a remote site, right? This "SSLRequire"
keyword is used in the Apache that limits the access to your PHP program?

So how can a limit in Apache that hinders the wrong people from running your
program affect curl, and how can curl know about that?

> SSL complains, I suppose it is because it is not the same SSL session
> number between the browser to my program "logcertif.php" and my program
> "logcertif.php" on my server to TUTOS on my server.

I really don't follow you here. Are you saying that you browse the page with
your PHP program using HTTPS and that fails? If so, how does that involve
curl the slightest bit?

I must be stupid, but I just don't understand what you're trying to do and
how this can be a curl problem. Can you be somewhat more elaborate? Let me
show you how I interpret what you describe:

 BROWSER ----(HTTPS1)--> your PHP program using curl ----(HTTPS2)--> TUTOS

And you're having a problem with the HTTPS1? Or are you saying that the HTTPS2
connection is not working? What connection is the Apache serving that you
have your SSLRequest in?

> I have read in list archive that this feature is not implemented in cURL. I
> have seen that this feature has been included in the ToDo list.

> "Add an interface to libcurl that enables "session IDs" to get
> exported/imported. Cris Bailiff said: "OpenSSL has functions which can
> serialise the current SSL state to a buffer of your choice, and
> recover/reset the state from such a buffer at a later date - this is used
> by mod_ssl for apache to implement an SSL session ID cache". This whole
> idea might become moot if we enable the 'data sharing' as mentioned in the
> LIBCURL label above. "

I think you're confusing matters very much here. That missing feature would
mainly be useful for SSL session ID caching to work between multiple curl
handles (and similar). I can't see how that would make a difference to you.

> Could you confirm that it is not for the moment possible to do what I want
> with cURL ? If it is the case do you know if this feature will be
> implemented ?

I don't understand what you want to do yet!

Perhaps someone else understood better and can supply a more accurate answer.

> PS: Sorry if my question is not in the right list ?

It seems like the right list, yes.

 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
Received on 2002-10-12