Hi I am using libcurl in conjunction with OpenSSL.
I would like to receive a callback whenever an SSL connection requests a client certificate. I see this can be done with OpenSSL's SSL_CTX_set_client_cert_cb. This fits in nicely with CURLOPT_SSL_CTX_FUNCTION, which instructs libcurl to call back whenever a new SSL connection is being created; the prototype is:

    CURLcode (*ssl_ctx_fn)(CURL* curl, SSL_CTX* sslctx, void* param)

The problem I have is mapping the OpenSSL client certificate callback to a CURL*. The callback has this prototype:

    int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);

i.e. it gives me an SSL*, from which I can get the corresponding SSL_CTX*, which I can then map back to a CURL*.

However, it might map back to the "wrong" CURL*, say if SSL re-negotiation takes place:

- CURL* 1 makes a request to an HTTPS URL which doesn't require a client cert; libcurl calls back when the SSL_CTX is created
- CURL* 2 then makes another request to an HTTPS URL on the same server (thus re-using the connection), however this URL *does* require a client cert so OpenSSL calls the client_cert_cb

The SSL* provided will map to the SSL_CTX* from the first request, and from there back to CURL* 1, which is not correct.

I guess the underlying problem is that I can't find any way to associate the SSL* with a CURL*. Does anyone have any ideas, or would I have to modify the libcurl source?

Dave w
