curl-library

Re: Libcurl - client SSL authentication with native windows crypto - is it possible?

From: Nick Zitzmann <nick_at_chronosnet.com>
Date: Tue, 2 Jul 2013 12:00:59 -0600

On Jul 2, 2013, at 11:13 AM, Jan Ehrhardt <phpdev_at_ehrhardt.nl> wrote:

>> On Jul 1, 2013, at 5:25 PM, Vladimir Ch. <cctv.star_at_gmail.com> wrote:
>>
>>> I'm using libcurl on Windows, and I need to implement client-side SSL
>>> authentication. The catch is that the client certificate used for
>>> authentication is marked as non-exportable. It means that I cannot
>>> export it and feed it to, say, OpenSSL - I need to make libcurl use native
>>> Windows crypto (WinSSL / SecureChannel / whatever it's called).
>>>
>>> Is it possible?
>>
>> Unfortunately no, or at least not yet.
>
> Why not? There is a compile option WITH_WINSSL=static.

Because the user was asking about client-side authentication, meaning the user has a security identity (a client certificate and corresponding private key), which is used to authenticate with the server. The Schannel code in libcurl uses the certificates that come with Windows to verify the server's certificate chain, but it doesn't yet support sending a client certificate to the server for authentication purposes. Implementing this is documented in the to-do list in curl_schannel.c line 43 as of the latest code in the trunk.

Nick Zitzmann
<http://www.chronosnet.com/>

Received on 2013-07-02