curl-library

Re: Connecting using client certificates

From: Ben Noordhuis <info_at_bnoordhuis.nl>
Date: Mon, 21 Mar 2011 17:20:31 +0100

On Mon, Mar 21, 2011 at 17:07, plot.lost <plot.lost_at_gmail.com> wrote:
> I am trying to connect to a system (https) that requires client
> certificates, using the curl_easy interface.
>
> I think I've set the required options (CURLOPT_SSLCERT and CURLOPT_SSLKEY)
> but the connection gets rejected.
>
> According to the system I am connecting to, it's because the client
> certificate "does not have the chaining setup. The Root and CA should be
> trusted"
>
> Now, I thought that the server held these and uses them to verify the client
> certificate. If that is not the case, does anyone have any clues as to what
> I need to do? I've tried adding the CA and Root certificates into the same
> file that holds the client certificate, that made no difference. Is there an
> additional curl_easy_setopt that needs to be done to add this "chaining
> setup"?
>
> I can confirm that the client certificate has been signed by the correct CA,
> but for some reason the system rejects the connection and this is the reason
> they give.

You can point libcurl to the CA or CAs with CURLOPT_CAINFO and
CURLOPT_CAPATH. The first option takes a filename, the second one the
name of a directory containing certificates (e.g. "/etc/ssl/certs/").
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-03-21