
Re: using CURLOPT_SSLCERT with self-signed certificate or non-ca-signed certificates

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Sat, 30 May 2020 23:56:21 +0200 (CEST)

On Sat, 30 May 2020, Nicolas Mora via curl-library wrote:

> Is it possible with libcurl to use a self-signed client certificate?

Yes. To libcurl it doesn't matter who signed it, as long as you can verify the
signature with the CA cert bundle.

> CURLOPT_SSLCERT documentation doesn't provide information about that.

That's the option for *client certs*. That's basically the opposite, when you as
a client provide a cert to the server so it can verify you.

You want CURLOPT_CAINFO which specifies the path to a PEM file containing the
root or leaf certs to verify the server with.

You can use openssl to get that CA cert from your server like this:

  $ echo quit | openssl s_client -showcerts -servername [server] -connect \
    [server]:443 > cacert.pem

-- 
  / daniel.haxx.se | Commercial curl support up to 24x7 is available!
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
Received on 2020-05-30
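
Added example, not part of the original message or of curl: the `openssl s_client` command in the reply writes the whole session transcript to `cacert.pem`, and this sketch keeps only the complete PEM certificate blocks so the file can be inspected before it is given to CURLOPT_CAINFO. The function names and the sample transcript (with placeholder certificate bodies) are constructed for illustration.

```shell
#!/bin/sh
# extract_pem_certs (hypothetical helper): read `openssl s_client -showcerts`
# output on stdin and print only complete PEM certificate blocks.
# A block that starts but never reaches its END line is dropped.
extract_pem_certs() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF input
        /^-----BEGIN CERTIFICATE-----$/ { block = $0; inside = 1; next }
        inside                          { block = block "\n" $0 }
        inside && /^-----END CERTIFICATE-----$/ { print block; inside = 0 }
    '
}

# Count the certificates in a PEM stream on stdin.
count_pem_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----$'
}

# Constructed sample shaped like s_client output; the base64 bodies are
# placeholders, not real certificates.
sample_transcript() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = server.example
   i:CN = server.example
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtU0FNUExFLTE=
-----END CERTIFICATE-----
 1 s:CN = Example Root
   i:CN = Example Root
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtU0FNUExFLTI=
-----END CERTIFICATE-----
---
Server certificate
subject=CN = server.example
---
EOF
}

# Real use, with the command from the message above:
#   echo quit | openssl s_client -showcerts -servername [server] \
#     -connect [server]:443 | extract_pem_certs > cacert.pem
sample_transcript | extract_pem_certs | count_pem_certs
```

The fetched certificate arrives over the very connection it is meant to authenticate, so compare the output of `openssl x509 -in cacert.pem -noout -subject -issuer -fingerprint -sha256` with a fingerprint obtained from the server's operator before trusting the file.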