curl-library

Re: SSL sanity check

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 29 Dec 2006 12:00:26 +0100 (CET)

On Wed, 27 Dec 2006, Gonzalo Diethelm wrote:

> Pardon the simple question, but I need to check if my head is straight... If
> I am connecting to an HTTPS site, using my own CA, and only wish to check
> the validity of the server's certificate against the CA certificate, this is
> what I would do (with my_ca_cert = "cacert.pem"), right?
>
> curl_easy_setopt(curl, CURLOPT_URL, my_url);
> curl_easy_setopt(curl, CURLOPT_CAINFO, my_ca_cert);
> curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
> curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
> curl_easy_perform(curl);

Yes.

> Now, ONLY if I wanted to use a client certificate to prove my own identity
> would I do the following (with my_client_cert = "client.pem"), right?
>
> curl_easy_setopt(curl, CURLOPT_SSLCERT, my_client_cert);
> curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
> curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, "my pass phrase");
> ...
> curl_easy_perform(curl);
>
> Please confirm that I am right or tell me where I went wrong... Thanks in
> advance and best regards,

If my_client_cert is both your key and certificate concatenated, then yes.

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2006-12-29
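
Added example, not part of the original mail and not libcurl code: a pre-flight check in C for the condition stated in the reply above, that the file given to CURLOPT_SSLCERT holds both the certificate and the private key. The function names and the sample PEM data are constructed for illustration; only the PEM block labels are inspected, not the key material.

```c
#include <stdio.h>
#include <string.h>

#define PEM_HAS_CERT 1
#define PEM_HAS_KEY  2

/* Report which PEM block types appear in buf with matching BEGIN/END lines.
 * Only the labels are inspected; the base64 bodies are not decoded. */
int pem_contents(const char *buf)
{
    int found = 0;
    const char *p = buf;
    while ((p = strstr(p, "-----BEGIN ")) != NULL) {
        const char *label = p + 11;               /* skip "-----BEGIN " */
        const char *dash = strstr(label, "-----");
        char end[96];
        size_t len;
        if (!dash)
            break;
        len = (size_t)(dash - label);
        p = dash;                                 /* always make progress */
        if (len == 0 || len > 64 || memchr(label, '\n', len))
            continue;                             /* not a label line */
        snprintf(end, sizeof end, "-----END %.*s-----", (int)len, label);
        if (!strstr(dash, end))
            continue;                             /* unterminated block */
        if (len == 11 && memcmp(label, "CERTIFICATE", 11) == 0)
            found |= PEM_HAS_CERT;
        else if (len >= 11 && memcmp(label + len - 11, "PRIVATE KEY", 11) == 0)
            found |= PEM_HAS_KEY;                 /* plain, RSA, EC, ENCRYPTED */
    }
    return found;
}

/* 1 if buf holds a certificate and a private key, as the reply requires. */
int holds_cert_and_key(const char *buf)
{
    return pem_contents(buf) == (PEM_HAS_CERT | PEM_HAS_KEY);
}

/* Constructed samples: placeholder bodies, not real certificates or keys. */
static const char CERT_ONLY[] = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n";
static const char COMBINED[] = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
                               "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n";

int main(void)
{
    printf("cert only: %d, combined: %d\n", holds_cert_and_key(CERT_ONLY), holds_cert_and_key(COMBINED));
    return 0;
}
```

When the check returns 0 because the key is missing, the private key has to be supplied separately through CURLOPT_SSLKEY.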