On Mon, Mar 21, 2011 at 17:07, plot.lost <[email protected]> wrote:
> I am trying to connect to a system (https) that requires client
> certificates, using the curl_easy interface.
>
> I think I've set the required options (CURLOPT_SSLCERT and CURLOPT_SSLKEY)
> but the connection gets rejected.
>
> According to the system I am connecting to, it's because the client
> certificate "does not have the chaining setup. The Root and CA should be
> trusted"
>
> Now, I thought that the server held these and uses them to verify the client
> certificate. If that is not the case, does anyone have any clues as to what
> I need to do? I've tried adding the CA and Root certificates into the same
> file that holds the client certificate, that made no difference. Is there an
> additional curl_easy_setopt that needs to be done to add this "chaining
> setup"?
>
> I can confirm that the client certificate has been signed by the correct CA,
> but for some reason the system rejects the connection and this is the reason
> they give.

You can point libcurl to the CA or CAs with CURLOPT_CAINFO and CURLOPT_CAPATH.
The first option takes a filename, the second one the name of a directory
containing certificates (e.g. "/etc/ssl/certs/").

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
