On Mon, Mar 21, 2011 at 17:56, plot.lost <[email protected]> wrote: > I thought the CURLOPT_CAINFO / CAPATH was used for specifying certificates > that are used by curl to verify the server certificate, not anything that > are used as part of the client certificate processing.
Ah, it kind of depends. But if you can use PKCS12... > I've tried building a pkcs12 file that contains the client certificate and > the relevant CA/Root certificates, and then converted that back into a > single PEM file. That gets a PEM file that is different to the usual method > of just sticking the certificates together - there are additional elements > before each certificate (Bag Attributes, subject and issuer) but that is > also rejected by the server. ...then it's probably easiest to use that. Here is what you do: 1. Set CURLOPT_SSLCERT to the filename of the .p12 2. Set CURLOPT_SSLCERTTYPE to the string "P12" That should be all, libcurl will set up the CA chain for you. ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
