Download
Browse source Changelog
Documentation
Project   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: [DKIM] How to send intermediate certificate?

From: Jun Sun via curl-library <curl-library_at_cool.haxx.se>
Date: Sat, 6 Apr 2019 19:43:14 -0700

Wow! it was actually pretty easy to use pkcs12 file directly with libcurl.
As expected libcurl/openssl will automatically sends any intermediate
certificates from pkcs12 file.

I modified simplessl.c file a little bit. Here are the relevant lines I
used, which hopefully can help others looking for the same information.

Jun

     curl = curl_easy_init();
     curl_easy_setopt(curl, CURLOPT_URL, "https://your.host.com");
     curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);
      curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "P12");
      curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);
      curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase); // the
password for key used by pkcs12 file (for the key)

     // disable server verification because we did not set up ca cert
     curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
      curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);

* res = curl_easy_perform(curl);*

On Fri, Apr 5, 2019 at 9:57 AM Jun Sun <jsun_at_junsun.net> wrote:

> Thanks for pointing it out!
>
> It looks like libcurl will automatically send intermediate certs from
> pkcs12 file. This is actually the exact case of mine! So far I have been
> parsing pkcs12 file myself and read those certs/key into memory. It looks
> like there is an easier way to use libcurl directly parsing pkcs12 file.
>
> Is there an existing example I can try that approach?
>
> Jun
>
> On Fri, Apr 5, 2019 at 2:26 AM Zakrzewski, Jakub via curl-library <
> curl-library_at_cool.haxx.se> wrote:
>
>>
>> ------------------------------
>> *From:* curl-library <curl-library-bounces_at_cool.haxx.se> on behalf of
>> Jun Sun via curl-library <curl-library_at_cool.haxx.se>
>>
>> > I have followed the example of using user certificate in memory,
>> https://curl.haxx.se/libcurl/c/usercertinmem.html , and it worked great!
>>
>> > In my environment, however, we have an intermediate CA and the client
>> needs to sends its certificate to server as well. How do I do that?
>>
>>
>> I guess you have to work with OpenSSL function
>> like SSL_CTX_add_extra_chain_cert.
>>
>> libcurl seems to use it also:
>> https://github.com/curl/curl/blob/efd9fba68189c70c2a48d9726b25df25ba87fcd0/lib/vtls/openssl.c#L799%e2%80%8b
>>
>> -------------------------------------------------------------------
>> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
>> Etiquette: https://curl.haxx.se/mail/etiquette.html
>
>

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-04-07