curl-library

Re: Sending SSL Client Certificate via schannel

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Wed, 8 Jun 2016 02:23:51 -0400

On 6/7/2016 6:16 AM, David Morris wrote:
>
> *Question 1*
>
> Does schannel support using SSL certificates for authentication? The
> following code snippet from /static CURLcode/
>
> /schannel_connect_step2(struct connectdata *conn, int sockindex)/
> indicates that it doesn’t.
>
> /* If the server has requested a client certificate, attempt to continue
>    the handshake without one. This will allow connections to servers which
>    request a client certificate but do not require it. */
> if(sspi_status == SEC_I_INCOMPLETE_CREDENTIALS &&
>    !(connssl->req_flags & ISC_REQ_USE_SUPPLIED_CREDS)) {
>   connssl->req_flags |= ISC_REQ_USE_SUPPLIED_CREDS;
>   connssl->connecting_state = ssl_connect_2_writing;
>   infof(data, "schannel: a client certificate has been requested\n");
>   return CURLE_OK;
> }
>
> *Question 2*
>
> Assuming schannel supports the functionality I’m after, I’m unsure
> what values I should be putting for SSLCERT or SSLCERT should be the
> name of the certificate in the Windows keystore or the path to a
> certificate. The NSS examples seem to indicate a path but neither
> seem to work for me. Is there an example anywhere?
>

AFAIK curl w/ schannel does not support SSLCERT or allow specifying the
user certificate [1]. Patches welcome. Whether schannel may
automatically use a user certificate from the user's Windows certificate
storage I don't know.

[1]: https://curl.haxx.se/docs/todo.html#Add_support_for_client_certifica

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-06-08