I created an app which uses libcurl to post some data to 5 different servers. To keep it a closed and secure system, they're giving me the public keys for the 5 servers, which I store in my app, i.e.: server1.foo.com = [cert1], server2.foo.com = [cert2].

I'm supposed to hardcode it so that when I do the HTTP POST to their server, I will ONLY connect to the server with the cert they gave me for it. And, when they receive the HTTP POST, they will only accept it if it's coming from my specific server. So, if I do 'curl https://something.com' it will fail, even if something.com is a totally legit server with a valid key, unless the public key is the one I specify.

I'm reading the docs for CURLOPT_SSLCERT but it says: "The string should be the file name of your certificate". I'm assuming YOUR certificate means this isn't referring to the public key on the server which I will accept. While googling for how to do this I saw this post: http://curl.haxx.se/mail/curlphp-2005-11/0044.html which says that to use CURLOPT_SSLCERT I need to set a path to a private key. Which seems confusing because normal https afaik involves just 1 key -- a public key which you get from the server. And I wasn't sure why limiting curl to using a specific public key would require a private key. Unless I'm missing the purpose of CURLOPT_SSLCERT and it's not used to verify a specific key from a server.

Separately, in my case, though, they want to use 'mutual' authentication where I actually DO have my own key on top of this. I assumed CURLOPT_SSLKEY is the correct option to set my private key, and that if I set this, then the curl request would use mutual authentication instead of simple. But I wasn't clear on this from the docs.

Anybody know if there's some resource explaining this process a bit more in depth?

Thanks
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
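The two separate mechanisms the question is asking about, shown side by side as an added example (this script is not part of the original post or of curl's own documentation): the client certificate and key are what CURLOPT_SSLCERT / CURLOPT_SSLKEY (or --cert / --key on the command line) configure for mutual authentication, while restricting the connection to one specific server public key is done with curl's public-key pinning option (--pinnedpubkey / CURLOPT_PINNEDPUBLICKEY, available in curl 7.39.0 and later). The pin curl expects is the SHA-256 of the server's DER-encoded SubjectPublicKeyInfo, base64-encoded, which the functions below derive from a stored server certificate. The script assumes the openssl and curl command-line tools are installed; the server names, file names and the self-signed certificate it generates are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: derive curl's "sha256//<base64>"
# pin from a stored server certificate and issue a mutually authenticated POST
# that only succeeds against the pinned server key. Assumes openssl and curl.
set -eu

# Pin of the certificate's public key: DER-encoded SubjectPublicKeyInfo,
# hashed with SHA-256, base64-encoded (the format --pinnedpubkey takes).
spki_pin_from_cert() {
    openssl x509 -in "$1" -pubkey -noout \
      | openssl pkey -pubin -outform DER \
      | openssl dgst -sha256 -binary \
      | openssl enc -base64
}

# Same pin computed from a private key, so a pin taken from a certificate can
# be checked against the key the server operator actually holds.
spki_pin_from_key() {
    openssl pkey -in "$1" -pubout -outform DER \
      | openssl dgst -sha256 -binary \
      | openssl enc -base64
}

# Mutual-TLS POST to one server:
#   --cert/--key      client certificate and private key (CURLOPT_SSLCERT/SSLKEY)
#   --cacert          CA bundle used for normal chain validation of the server
#   --pinnedpubkey    reject any server key other than the pinned one, even if
#                     its certificate chains to a trusted CA
post_pinned() {
    host=$1; server_cert=$2; client_cert=$3; client_key=$4; ca_bundle=$5; body=$6
    pin="sha256//$(spki_pin_from_cert "$server_cert")"
    curl --fail --silent --show-error \
         --cert "$client_cert" --key "$client_key" \
         --cacert "$ca_bundle" \
         --pinnedpubkey "$pin" \
         --data "$body" "https://$host/"
}

# Demo with a constructed self-signed certificate standing in for server1's
# stored cert (hypothetical name; no network access is needed for this part).
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes \
    -keyout "$demo_dir/server1.key" -out "$demo_dir/server1.crt" \
    -subj "/CN=server1.foo.com" -days 1 >/dev/null 2>&1
echo "server1.foo.com pin: sha256//$(spki_pin_from_cert "$demo_dir/server1.crt")"
```

Keeping one pin per hostname in the app (as the question describes) and passing the matching pin to each request is what makes 'curl https://something.com' fail: chain validation would still pass for a legitimate third-party server, but the pin comparison would not. Pinning the SPKI rather than the whole certificate also survives certificate renewal as long as the server keeps the same key pair.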
