Re: [DKIM] How to send intermediate certificate?

Sat, 06 Apr 2019 19:50:56 -0700 

Wow! it was actually pretty easy to use pkcs12 file directly with libcurl.
As expected libcurl/openssl will automatically sends any intermediate
certificates from pkcs12 file.

I modified simplessl.c file a little bit.  Here are the relevant lines I
used, which hopefully can help others looking for the same information.

Jun

     curl = curl_easy_init();
     curl_easy_setopt(curl, CURLOPT_URL, "https://your.host.com";);
     curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);
      curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "P12");
      curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);
      curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase);   // the
password for key used by pkcs12 file (for the key)

     // disable server verification because we did not set up ca cert
     curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
      curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);

*      res = curl_easy_perform(curl);*



On Fri, Apr 5, 2019 at 9:57 AM Jun Sun <j...@junsun.net> wrote:

> Thanks for pointing it out!
>
> It looks like libcurl will automatically send intermediate certs from
> pkcs12 file.  This is actually the exact case of mine!  So far I have been
> parsing pkcs12 file myself and read those certs/key into memory.  It looks
> like there is an easier way to use libcurl directly parsing pkcs12 file.
>
> Is there an existing example I can try that approach?
>
> Jun
>
> On Fri, Apr 5, 2019 at 2:26 AM Zakrzewski, Jakub via curl-library <
> curl-library@cool.haxx.se> wrote:
>
>>
>> ------------------------------
>> *From:* curl-library <curl-library-boun...@cool.haxx.se> on behalf of
>> Jun Sun via curl-library <curl-library@cool.haxx.se>
>>
>> > I have followed the example of using user certificate in memory,
>> https://curl.haxx.se/libcurl/c/usercertinmem.html , and it worked great!
>>
>> > In my environment, however, we have an intermediate CA and the client
>> needs to sends its certificate to server as well.  How do I do that?
>>
>>
>> I guess you have to work with OpenSSL function
>> like SSL_CTX_add_extra_chain_cert.
>>
>> libcurl seems to use it also:
>> https://github.com/curl/curl/blob/efd9fba68189c70c2a48d9726b25df25ba87fcd0/lib/vtls/openssl.c#L799​
>>
>> -------------------------------------------------------------------
>> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
>> Etiquette:   https://curl.haxx.se/mail/etiquette.html
>
>

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Reply via email to