-----Original Message-----
From: curl-library [mailto:[email protected]] On Behalf Of Nick Zitzmann
Sent: Monday, August 19, 2013 3:31 PM
To: libcurl development
Subject: Re: Could the iOS libcurl support CURLOPT_SSLCERT from disk file

>On Aug 19, 2013, at 9:47 AM, "Xia, Bing" wrote:
>
>Hello,
>
>> I'm using iOS libcurl and I'm glad that it supports CURLOPT_SSLCERT option
>> now. But it requires we import the certificate and key into the keychain
>> first. Since after uninstalling an app, its keychain is not deleted, this
>> leaves a security hole. Could the iOS libcurl also support reading the
>> certificate and key from disk file instead of from keychain? Thank you.
>It's complicated, for largely political reasons. We can't support PEM or DER
>certificates, because Apple does not have a public function for creating a
>SecIdentityRef from file data for both the certificate and the key loaded from
>separate files.
>Apple does, however, have a function that turns P12 file data into a
>SecIdentityRef. I think that would solve your problem. I just noticed that the
>OpenSSL engine also supports P12 files in the CURLOPT_SSLCERT option, but this
>isn't documented anywhere AFAICT. Perhaps I ought to document this, and then
>add support for it in the curl_darwinssl code.

Thank you. It would be great if you could add it. We're currently using P12 and Apple network APIs for the client certificate and hoping to switch to libcurl for all platforms.

Regards,
Bing

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
