On Sat, Aug 18, 2012 at 5:52 PM, Chris Baylis <[email protected]> wrote:
> Hello, > > I am trying to use libcurl in C to connect a site that uses client SSL > authentication. > I can acheive this task with curl, but not libcurl. > > Successful example with curl > $ curl -vv -E cert.pem https://someURL > * About to connect() to someURL port 443 (#0) > * Trying 1.2.3.4... connected > * Connected to someURL (1.2.3.4) port 443 (#0) > Enter PEM pass phrase: > * successfully set certificate verify locations: > * CAfile: none > CApath: /etc/ssl/certs > .... > .... > ... > Webpages dowloads succesfully and I can see some debuging output I added in > PHP verifying that the client certificate was used. > > I have taken the simplessl.c example from the your site and changed only > the > following lines so far. > > const char *pPassphrase = "<PASSWORD SET HERE>"; > static const char *pCertFile = "cert.pem"; > static const char *pCACertFile="cert.pem"; > pKeyName = "cert.pem"; > pKeyType = "PEM"; > pEngine = NULL; > curl_easy_setopt(curl, CURLOPT_VERBOSE, 1); > > The result of this is as follows > $ gcc -lcurl simplessl.c > $ ./a.out > * About to connect() to https://someURL port 443 (#0) > * Trying 1.2.3.4... * connected > * Connected to someURL (1.2.3.4) port 443 (#0) > * found 142 certificates in /etc/ssl/certs/ca-certificates.crt > * error reading X.509 key or certificate file > * Closing connection #0 > * SSL connect error > curl_easy_perform() failed: SSL connect error Does your cert.pem contain the chain of CA certs that signed your client certificate? You have a working command-line already, so you can use the --libcurl option to get the equivalent source file (with the exception of formpost stuff as mentioned in the man page): curl --libcurl myCurlSsl.c -w -E cert.pem https://some.site.com Ralph Mitchell
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
