Nick Zitzmann in gmane.comp.web.curl.library (Tue, 2 Jul 2013 09:52:52 -0600): >On Jul 1, 2013, at 5:25 PM, Vladimir Ch. <[email protected]> wrote: > >> I'm using libcurl on Windows, I need to implement client-side SSL >>authentication. The catch is, client certificate, used for >>authentication, is marked as non-exportable. It means, that I cannot >>export it and feed to, say, OpenSSL - I need to make libcurl use native >>Windows crypto (WinSSL / SecureChannel / whatever it's called). >> >> Is it possible? > >Unfortunately no, or at least not yet.
Why not? There is a compile option WITH_WINSSL=static. With OpenSSL: curl 7.31.0 (i386-pc-win32) libcurl/7.31.0 OpenSSL/1.0.1e zlib/1.2.8libssh2/1.4.3 Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp scp sftp smtp smtps telnet tftp Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM SPNEGO SSL SSPI libz This curl.exe needs a bundle of keys. curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. But this one: curl 7.31.0 (i386-pc-win32) libcurl/7.31.0 WinSSL zlib/1.2.8 WinIDN Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smtp smtps telnet tftp Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM SPNEGO SSL SSPI libz retrieves a https URL witlout any complaints. It must be using the system certificates. Compile statement: nmake /f makefile.vc mode=static VC=9 MACHINE=x86 WITH_DEVEL=../../win32build USE_IDN=yes WITH_WINSSL=static WITH_ZLIB=static The libcurl_a.lib should do the trick as well, I think. Jan ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
