On Aug 19, 2013, at 9:47 AM, "Xia, Bing" <[email protected]> wrote:
> Hello,
>
> I'm using iOS libcurl and I'm glad that it supports CURLOPT_SSLCERT option
> now. But it requires we import the certificate and key into the keychain
> first. Since after uninstalling an app, its keychain is not deleted, this
> leaves a security hole. Could the iOS libcurl also support reading the
> certificate and key from disk file instead of from keychain? Thank you.

It's complicated, for largely political reasons. We can't support PEM or DER certificates, because Apple does not have a public function for creating a SecIdentityRef from file data for both the certificate and the key loaded from separate files.

Apple does, however, have a function that turns P12 file data into a SecIdentityRef. I think that would solve your problem.

I just noticed that the OpenSSL engine also supports P12 files in the CURLOPT_SSLCERT option, but this isn't documented anywhere AFAICT. Perhaps I ought to document this, and then add support for it in the curl_darwinssl code.

Nick Zitzmann
<http://www.chronosnet.com/>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
