Thanks Christian and Daniel for your replies. The code samples 
(https://curl.haxx.se/mail/meet-2017-03/0030.html and 
https://www.mbsplugins.de/archive/2019-03-30/Using_system_SSL_Certificates_) 
that you referenced provided the missing piece that I required to make it work.

It comes down to utilizing the CURLOPT_SSL_CTX_FUNCTION SSL context callback. 
Within that function, Mbed TLS's "mbedtls_ssl_conf_ca_chain" function can be 
called to submit the certificates that were extracted from the Windows 
certificate store. The code to do so looks as follows:

CURLcode ssl_ctx_callback(CURL* curl, void* ssl_ctx, void* userptr)
{
  mbedtls_ssl_config* ssl_config = (mbedtls_ssl_config*)ssl_ctx;
  // The last parameter is the certificate revocation list
  mbedtls_ssl_conf_ca_chain(ssl_config, certificateChain, NULL);
  return CURLE_OK;
}

"certificateChain" is the certificate that is returned by the 
"build_windows_ca_chain" function that I sent in the previous email. It's a 
struct that has a pointer to another struct of the same type which is used to 
build a chain of certificates. That is the format Mbed TLS expects to get all 
root certificates. So the code I hacked into "mbedtls.c" is completely 
unnecessary.

Regards
Philip


-----Original Message-----
From: curl-library [mailto:curl-library-boun...@cool.haxx.se] On Behalf Of 
Christian Schmitz via curl-library
Sent: Wednesday, 19 June 2019 08:12
To: libcurl development
Cc: Christian Schmitz
Subject: Re: Using the X.509 certificates of the Windows certificate store via 
libcurl



> So, I attempted to just use Mbed TLS on Windows as well.

We did that with OpenSSL, as you can read here:

https://www.mbsplugins.de/archive/2019-03-30/Using_system_SSL_Certificates_


Sincerely
Christian

-- 
Read our blog about news on our plugins:

http://www.mbsplugins.de/


-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
