I think SSL may be a bit baffling to me as the term "CA Cert" gets used a lot
but I am not too clear where libcurl looks to find these CAs.

The sample code cacertinmem.c compiles neatly and I tried to replace the
contents of the "char * mypem" variable with pem contents I extracted 
using openssl :

openssl s_client -connect www.targetsite.com:443 -CApath /usr/local/ssl/certs -showcerts

I get lovely output looking somewhat like:

CONNECTED(00000004)
depth=2 O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048)
verify return:1
depth=1 C = US, O = "Entrust, Inc.", OU = www.entrust.net/rpa is incorporated by reference, OU = "(c) 2009 Entrust, Inc.", CN = Entrust Certification Authority - L1C
verify return:1
depth=0 C = US, ST = New York, L = New York, O = Some Company Name, CN = www.targetsite.com
verify return:1

So that looks quite nice. 

I am thinking, based on the docs for curl_easy_setopt, that I can set a
filename via CURLOPT_SSLCERT that contains a bundle of PEM data with the
required PEM goodness in it like so:

$ cat /usr/local/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem \
> /usr/local/ssl/certs/Entrust.net_Secure_Server_CA.pem \
> /usr/local/ssl/certs/Entrust_Root_Certification_Authority.pem > Entrust_bundle

Then somehow, magically, watch libcurl use that as the place to look for a CA
Cert.

Am I on the right path here?

dc

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
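
Added example, not part of the original message or the curl project's code: an offline check of what a PEM bundle built with cat does and does not verify, using a throwaway root, intermediate and server certificate generated on the spot (all names and file names are constructed). In libcurl the file holding such a bundle is passed with CURLOPT_CAINFO (curl's --cacert), while CURLOPT_SSLCERT names the client certificate.

```shell
#!/bin/sh
# Constructed demo PKI: throwaway root CA -> intermediate CA -> server cert.
# All subjects and file names are made up for this example.

# issue NAME SUBJECT EXTFILE [ISSUER]: create NAME.key and NAME.pem;
# the certificate is self-signed when no ISSUER is given.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "$2" 2>/dev/null || return 1
  if [ -n "$4" ]; then
    openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" \
      -CAcreateserial -extfile "$3" -days 2 -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -signkey "$1.key" \
      -extfile "$3" -days 2 -out "$1.pem" 2>/dev/null
  fi
}

make_demo_pki() {   # $1 = empty working directory
  (
    cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\n' > leaf.ext
    issue root  "/CN=Demo Root CA"         ca.ext         &&
    issue inter "/CN=Demo Intermediate CA" ca.ext root    &&
    issue other "/CN=Unrelated Root CA"    ca.ext         &&
    issue leaf  "/CN=www.example.test"     leaf.ext inter &&
    cat root.pem inter.pem > full_bundle.pem   # bundle built by concatenation
  )
}

# Number of certificates in a PEM bundle (sanity check after concatenating).
bundle_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Succeeds only if LEAF chains to a self-signed root contained in BUNDLE.
bundle_verifies() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

demo() {
  d=$(mktemp -d) && make_demo_pki "$d" || return 1
  for b in full_bundle.pem root.pem other.pem; do
    if bundle_verifies "$d/$b" "$d/leaf.pem"; then r=OK; else r=FAIL; fi
    echo "$b ($(bundle_count "$d/$b") cert(s)): $r"
  done
  rm -rf "$d"
}

demo
```

The root-only case fails here because the leaf file is checked on its own; in a TLS handshake the server normally sends its intermediate, which is why the depth=1 certificate appears in the s_client output.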