cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: HTTPS with LIBCURL issue

From: Karandeep Malik <karandeepmalik_at_gmail.com>
Date: Tue, 12 Aug 2008 23:15:44 +0530

On Tue, Aug 12, 2008 at 7:53 PM, Karandeep Malik
<karandeepmalik_at_gmail.com> wrote:
> On Tue, Aug 12, 2008 at 7:25 PM, Aravinda babu <aravinda.babu_at_gmail.com> wrote:
>> Hi all,
>>
>> When any application tries to access an https based url and suppose the host
>> server presents a self signed certificate then ssl fails to authenticate the
>> certificate. Hence application is unable to access the website.
>>
>> The same url when accessed using a mozilla or some other browser then it
>> throws up a dialog warning whether to accept, reject or examine the
>> certificate. If the user choses to accept the certificate then the browser
>> proceeds further and connects to the page.I want to develop this type of
>> functionality using libcurl.
>>
>> I am using libcurl 7.18.2. Is any way to get this functionality ?
>>
>> Thanks in advance,
>> Aravind.
>>
>
> Hi Arvind,
>
> A few checks
> 1) Does your CA authorities certifcate contains the certificate that
> the host server is presenting you ??
> 2) What is the exact error you are getting ??
>
> Second part of your query:-
> 1) There is a call back function in libcurl that may allow you to do
> whatever you like with the certificate presented by the host server.
> I haven't used it -> CURLOPT_SSL_CTX_FUNCTION. Probably this is what
> may help you.
>
> Regards
> Karandeep Malik
>

Actually you can place your self signed certificate presented by
server as the CA authority, it would work. But if the server is going
to be different each time then, that may be a problem. Though if this
is a certain small number say 'n', you can always add all those 'n'
into the CA cert, it should work fine. But what we are tring to do
here is possibly find a solution and not evade a problem :).

Regards
Karandeep Malik
Received on 2008-08-12