cURL / Mailing Lists / curl-library / Single Mail


Re: Using a client certificate when doing SSL

From: Camille Moncelier <>
Date: Tue, 2 Feb 2010 10:34:54 +0100

If you need a temporary solution you can use CURLOPT_SSL_CTX_FUNCTION

curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, curl_ssl_ctx_function);
curl_easy_setopt(curl, CURLOPT_SSL_CTX_DATA, NULL);

CURLcode curl_ssl_ctx_function(CURL * curl, void * sslctx, void * parm) {
  SSL_CTX * ctx = (SSL_CTX *) sslctx;
  // Play with SSL Context
  return CURLE_OK ;

On Mon, Feb 1, 2010 at 11:16 PM, Daniel Stenberg <> wrote:

> On Thu, 28 Jan 2010, Adrian Michel wrote:
> My app uses libcurl to make https requests based on this example
>> and I do not use a client side
>> certificate. My goal is not to authenticate the server, as I also control
>> the server side, but to ensure the requests and responses are encrypted. I'm
>> wondering though if not having a client side certificate could make the
>> application less secure, or have any other unintended consequences.
> No, it won't make your client-side less secure, it will possibly make the
> server-side less sure of who's really communication with it.
> There's no additional encryption or anything going on when you use a client
> certificate, it is "just" an added certificate.
> Also, when using a client certificate with libcurl, is there a way to pass
>> it from memory instead of a file? Or is it required by the standards that
>> the cert must be in a file? It would make deployment simpler if the cert was
>> in a resource inside the executable.
> I agree that it would be nifty to have such a way, but we have no such API
> (yet). It has been as for before, so I'm sure you're not alone in wanting
> that ability. You up to working to get it introduced?
> --
> /
> -------------------------------------------------------------------
> List admin:
> Etiquette:

Camille Moncelier
If Java had true garbage collection, most programs would
delete themselves upon execution.

List admin:
Received on 2010-02-02