curl-library

Re: using both a Private trusted CA and ca-bundle.crt, possible?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 28 Jan 2003 16:57:42 +0100 (CET)

On Mon, 27 Jan 2003, Derek Ealy wrote:

> Using libcurl 7.10 on Windows I've figured out how to have libcurl use
> either the ca-bundle.crt for referencing sites with a cert from one of the
> common CAs, or I can specify the root cert from our own internal CA. The
> question I have is how to do both?

This is really an OpenSSL issue, but I think I know the answers...

> I would like my application to be able to reference both cert files (mine
> is a PEM generated by openssl) when trying to validate the certs that a web
> server presents.

> if (m_strCAPath.length() > 0)
> curl_easy_setopt(curl_handle, CURLOPT_CAINFO, m_strCAPath.c_str());

Well, CAINFO points out a single file, and I think you can append any number
of CA certs on that file to have them all work.

> curl_easy_setopt(curl_handle, CURLOPT_CAPATH, "c:\\downloads\\curl\\lib");
> //peace_cacert.pem");

CAPATH is the preferred way to do this, as this makes OpenSSL look in a given
directory for CA certs, but it requires that you generate some fancy files
(or whatever) using a perl script that I've been told is using symlinks or
something.

I'm not an expert on this. I'm mainly trying to repeat what I've been told by
others, and I hope I'm not mixing things up too badly.

-- 
 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
Received on 2003-01-28
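
The "append CA certs to one file" approach from the reply above, as an added example that is not part of the original mail or of the curl project: it builds a single PEM file for CURLOPT_CAINFO from a public bundle plus an internal CA file, and goes slightly beyond the text by dropping duplicate certificates and tolerating CRLF or a missing trailing newline. The function names, file names and certificate bodies are hypothetical, constructed placeholders.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

# One PEM certificate block. Matching on the markers (not on lines) still works
# when a source file has no trailing newline or uses CRLF line endings.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def extract_certs(text):
    """Return the decoded bytes of every certificate block in PEM text."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_CERT.findall(text)]


def merge_ca_bundles(sources, out_path):
    """Write each unique certificate once to out_path; return how many."""
    seen, blocks = set(), []
    for src in sources:
        for der in extract_certs(Path(src).read_text(encoding="latin-1")):
            digest = hashlib.sha256(der).digest()
            if digest in seen:  # CA already taken from an earlier file
                continue
            seen.add(digest)
            b64 = base64.b64encode(der).decode("ascii")
            body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
            blocks.append("-----BEGIN CERTIFICATE-----\n" + body
                          + "\n-----END CERTIFICATE-----\n")
    with open(out_path, "w", encoding="ascii", newline="\n") as out:
        out.write("".join(blocks))
    return len(blocks)


def fake_pem(label):
    """Constructed placeholder block (not a real certificate) for the demo."""
    return ("-----BEGIN CERTIFICATE-----\r\n" + base64.b64encode(label).decode()
            + "\r\n-----END CERTIFICATE-----")  # CRLF, no trailing newline


def demo():  # merges two constructed files inside a temporary directory
    with tempfile.TemporaryDirectory() as tmp:
        public, private = Path(tmp, "ca-bundle.crt"), Path(tmp, "internal-ca.pem")
        public.write_bytes((fake_pem(b"public A") + fake_pem(b"public B")).encode())
        private.write_bytes((fake_pem(b"internal") + fake_pem(b"public A")).encode())
        merged = Path(tmp, "combined.pem")  # the file CURLOPT_CAINFO would name
        return merge_ca_bundles([public, private], merged), merged.read_text("ascii")
```

A plain concatenation of the two constructed input files would leave a footer glued to the next header; the merged output always puts each marker on its own line.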