Hello!

Has anybody experience with client certificates (CURLOPT_SSLCERT) on Mac OSX (10.10)?



I am currently setting the CN of a certificate installed in the key store with this option which basically works.



But I have following problems:



· I could not find a callback method which indicates the requirement of a client certificate for a request (a point where I can ask the user to select one of the in the key store installed client certificates). Is there a distinct way to do this?

· If I set CURLOPT_SSLCERT to an empty string, cURL sometimes (I have not yet figured out when this exactly happens) gives me a CURLE_SSL_CONNECT_ERROR if a client certificate is required for a request where I know to ask the user for a certificate and retry the request. But as this is not reliable I need a callback function for this mentioned above.

· If I want to use another client certificate (by setting another CN) within the same process but for a new request, cURL seems to ignore this and always uses the certificate used in the first successful request. How can I clear this SSL-cache? I have tried CURLOPT_FRESH_CONNECT/TRUE and CURLOPT_SSL_SESSIONID_CACHE/FALSE without effect.

· If I do not set CURLOPT_SSLCERT for a request, cURL seems to take a random installed certificate (not the certificate configured by an identity preference in the key store) or it randomly throws a CURLE_SSL_CONNECT_ERROR.



Can anybody help?



Best regards,

Dominik

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-02-03