Hello,

I am using libCURL for client cert authentication is any body has worked on
this before.

I am in bit confusion regarding this client cert authentication.

Apache (1.3) webserver's httpd.conf file contains one directive
SSLVerifyClient, if we set it to require then browser will ask us client
certificate and after supplying the client cert it will show apache welcome
page.

Suppose if I try this functionality thr' the code as below by setting this
directive to wither optional or none then it is working fine.

curl_easy_setopt(curl, CURLOPT_URL, https://ps0733:7878/);

if(rc=curl_easy_setopt(curl,CURLOPT_CAPATH,"/home/qa/software/ws/apache/apac
he-1.3.33_ssl_7878/conf/root_ca_cert.pem")!=CURLE_OK)

{

fprintf(headerfile,"can't set ca path\n");

}

curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);

curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST,1);

res = curl_easy_perform(curl);

however if we set this directive to require then it will show the attached
log contains. also Webserver log shows following thing,

OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did
not return a certificate [Hint: No CAs known to server for verification?]

that means server is waiting for client certificate. can you please let me
know your view to address this issue.

Also please let me kno what exactly CURLOPT_SSL_VERIFYPEER does.

Regards

Aniruddha

Aniruddha Diwakar
Persistent Systems Pvt Ltd.
Tel : 25678900 X : 2490