curl-library

AW: Curl for https

From: Bunse, Stephan (Stephan) <stephan.bunse_at_alcatel-lucent.com>
Date: Fri, 2 Aug 2013 08:37:27 +0000

Hello,

I know about the security reasons, and the procedure in principle. But right now I'm blocked at the first step: how to download the certificate? I tried to use CURLOPT_CERTINFO and investigated the result with curl_easy_getinfo with the option CURLINFO_CERTINFO. Unfortunately, the API description is somewhat vague and I need a more detailed description of how to do that.

Stephan

On Aug 1, 2013, at 7:26 AM, "Bunse, Stephan (Stephan)" <stephan.bunse_at_alcatel-lucent.com> wrote:

> Hello,
>
> I want to write a program which retrieves information using https. Unfortunately, the server has a self-signed certificate, so curl fails unless the options CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST are set to 0. That works, but I would like to download the certificate of the server, store it and check against it next time. Does anybody have an idea how to do this?

I can't really recommend programming an HTTPS client that arbitrarily accepts self-signed certificates for obvious security reasons. It's probably better to distribute the certificate with the program if it is the legitimate certificate.

Anyway, to allow libcurl to work with self-signed certificates once you have one: If you are using Schannel or Secure Transport for TLS, then you must import the certificate into the system and mark it as trusted. For all other engines, save the certificate, and pass the path to it into curl_easy_setopt() with the option CURLOPT_CAINFO.

Nick Zitzmann
<http://www.chronosnet.com/>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2013-08-02