On Jul 2, 2013, at 11:13 AM, Jan Ehrhardt <[email protected]> wrote:
>> On Jul 1, 2013, at 5:25 PM, Vladimir Ch. <[email protected]> wrote: >> >>> I'm using libcurl on Windows, I need to implement client-side SSL >>> authentication. The catch is, client certificate, used for >>> authentication, is marked as non-exportable. It means, that I cannot >>> export it and feed to, say, OpenSSL - I need to make libcurl use native >>> Windows crypto (WinSSL / SecureChannel / whatever it's called). >>> >>> Is it possible? >> >> Unfortunately no, or at least not yet. > > Why not? There is a compile option WITH_WINSSL=static. Because the user was asking about client-side authentication, meaning the user has a security identity (a client certificate and corresponding private key), which is used to authenticate with the server. The Schannel code in libcurl uses the certificates that come with Windows to verify the server's certificate chain, but it doesn't yet support sending a client certificate to the server for authentication purposes. Implementing this is documented in the to-do list in curl_schannel.c line 43 as of the latest code in the trunk. Nick Zitzmann <http://www.chronosnet.com/> ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
