curl-library

Using libcurl with live memory SSL certificates

From: SinghLevett, Ishan <Ishan.SinghLevett_at_baesystemsdetica.com>
Date: Wed, 17 Apr 2013 14:28:41 +0100

Hi,

I'm currently trying to use libcurl to get a page from an https site
using a PEM certificate loaded in live memory (based on the cacertinmem
example).

I can get the page with no problems if I use a certificate file on disk
and perform the following:

curl_easy_setopt(curl, CURLOPT_SSLCERT, "c:\\My Certificate.pem");

Before calling curl_easy_perform().

However, if I use the following option instead:

curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);

Using the same CTX function from 'cacertinmem.c' except with the
contents of my certificate instead of the example, I get an "SSL Connect
Error" when I call curl_easy_perform().

I've used the verbose feature along with the debug callback to extract
this debug output:

SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server key exchange (12):
SSLv3, TLS handshake, Request CERT (13):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS alert, Server hello (2):
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
Closing connection #0
SSL connect error

Can anyone explain what I am doing wrong here? I have a feeling I've
misunderstood something fundamental but don't have much experience with
these protocols so can't see what. Any help would be much appreciated.
If it helps I'm using the CURLOPT_SSL_VERIFYPEER flag set to 0.

Thanks

Received on 2013-04-17
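
An added example, not part of the original post or of curl's own code: the cacertinmem callback adds a certificate to the store used to verify the server, whereas answering the server's certificate request needs both a client certificate and its private key on the SSL context. This C helper checks that an in-memory PEM buffer holds both parts before it is handed to a CTX callback; the function names are hypothetical and the sample buffer is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Bit flags describing what an in-memory PEM buffer contains. */
enum { PEM_CERT = 1, PEM_KEY = 2, PEM_OTHER = 4, PEM_MALFORMED = 8 };

/* Scan a NUL-terminated PEM buffer and report which block types it holds.
 * Only the BEGIN/END armor lines are checked; the base64 body is not decoded. */
static int pem_inventory(const char *pem)
{
    static const char BEGIN[] = "-----BEGIN ", END[] = "-----END ";
    int found = 0;
    const char *p = pem;
    while ((p = strstr(p, BEGIN)) != NULL) {
        const char *label = p + sizeof(BEGIN) - 1;
        const char *close = strstr(label, "-----");
        if (!close) return found | PEM_MALFORMED;
        size_t len = (size_t)(close - label);
        /* The next END line must carry the same label as this BEGIN line. */
        const char *end = strstr(close + 5, END);
        if (!end || strncmp(end + sizeof(END) - 1, label, len) != 0 ||
            strncmp(end + sizeof(END) - 1 + len, "-----", 5) != 0)
            return found | PEM_MALFORMED;
        if (len == 11 && strncmp(label, "CERTIFICATE", 11) == 0)
            found |= PEM_CERT;
        else if (len >= 11 && strncmp(label + len - 11, "PRIVATE KEY", 11) == 0)
            found |= PEM_KEY;      /* PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, ... */
        else
            found |= PEM_OTHER;
        p = end + sizeof(END) - 1 + len + 5;   /* continue after the END line */
    }
    return found;
}

/* Client authentication needs a certificate and a private key, both well formed. */
static int pem_usable_as_client_identity(const char *pem)
{
    int f = pem_inventory(pem);
    return !(f & PEM_MALFORMED) && (f & PEM_CERT) && (f & PEM_KEY);
}

int main(void)
{
    /* Constructed sample: armor lines only, the body is a placeholder. */
    const char *sample = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n";
    printf("certificate-only buffer usable as client identity: %d\n",
           pem_usable_as_client_identity(sample));
    return 0;
}
```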