curl-library

Re: SSL sanity check

From: Gonzalo Diethelm <gonzalo.diethelm_at_diethelm.org>
Date: Fri, 29 Dec 2006 11:32:36 -0300

Great, thanks for taking the time and best regards.

On Fri, 2006-12-29 at 12:00 +0100, Daniel Stenberg wrote:

> On Wed, 27 Dec 2006, Gonzalo Diethelm wrote:
>
> > Pardon the simple question, but I need to check if my head is straight... If
> > I am connecting to an HTTPS site, using my own CA, and only wish to check
> > the validity of the server's certificate against the CA certificate, this is
> > what I would do (with my_ca_cert = "cacert.pem"), right?
> >
> > curl_easy_setopt(curl, CURLOPT_URL, my_url);
> > curl_easy_setopt(curl, CURLOPT_CAINFO, my_ca_cert);
> > curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
> > curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
> > curl_easy_perform(curl);
>
> Yes.
>
> > Now, ONLY if I wanted to use a client certificate to prove my own identity
> > would I do the following (with my_client_cert = "client.pem"), right?
> >
> > curl_easy_setopt(curl, CURLOPT_SSLCERT, my_client_cert);
> > curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
> > curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, "my pass phrase");
> > ...
> > curl_easy_perform(curl);
> >
> > Please confirm that I am right or tell me where I went wrong... Thanks in
> > advance and best regards,
>
> If my_client_cert is both your key and certificate concatenated, then yes.
>

-- 
Gonzalo Diethelm
gonzalo.diethelm_at_aditiva.com
Received on 2006-12-29
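
Added example, not part of the thread and not curl project code: a pre-flight check in C for the condition in the reply above, that the file passed as CURLOPT_SSLCERT holds both the private key and the certificate. The function names, the struct and the sample PEM text are assumptions made for this example; when the check reports a certificate-only file, the key has to be supplied separately with CURLOPT_SSLKEY.

```c
#include <stdio.h>
#include <string.h>
/* Constructed samples: the bodies are placeholders, not real key material. */
static const char PEM_BOTH[] =
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END ENCRYPTED PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n";
static const char PEM_CERT[] =
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n";
static const char PEM_CUT[] =   /* certificate block lost its END line */
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
    "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n";

struct pem_summary { int certs, keys, broken; };
/* Count complete PEM blocks by matching each BEGIN label with its END label. */
static struct pem_summary pem_scan(const char *pem)
{
    struct pem_summary s = {0, 0, 0};
    const char *p = pem;
    while ((p = strstr(p, "-----BEGIN ")) != NULL) {
        const char *label = p + 11;                 /* skip "-----BEGIN " */
        const char *dash = strstr(label, "-----");  /* end of the label */
        size_t n = dash ? (size_t)(dash - label) : 0;
        char end[96];
        if (n == 0 || n > 64) { s.broken++; break; }
        snprintf(end, sizeof end, "-----END %.*s-----", (int)n, label);
        const char *close = strstr(dash, end);
        if (!close) { s.broken++; p = dash + 5; continue; }
        if (n == 11 && memcmp(label, "CERTIFICATE", 11) == 0) s.certs++;
        else if (n >= 11 && memcmp(label + n - 11, "PRIVATE KEY", 11) == 0) s.keys++;
        p = close + strlen(end);
    }
    return s;
}

/*  1: key and certificate both present, CURLOPT_SSLCERT alone is enough.
 *  0: certificate only, give the key separately (CURLOPT_SSLKEY).
 * -1: no certificate found, or a block is not terminated. */
static int client_pem_status(const char *pem)
{
    struct pem_summary s = pem_scan(pem);
    if (s.broken || s.certs == 0) return -1;
    return s.keys > 0 ? 1 : 0;
}

int main(void)
{
    printf("%d %d %d\n", client_pem_status(PEM_BOTH), client_pem_status(PEM_CERT),
           client_pem_status(PEM_CUT));
    return 0;
}
```

The check looks only at PEM framing; it does not confirm that the key matches the certificate or that the pass phrase is correct, which the TLS library reports when the transfer starts.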