> From: curl-library [[email protected]] on behalf of Hölzl,
> Dominik [[email protected]]
> Subject: libcURL - OSX 10.10 - client certificates (CURLOPT_SSLCERT)
>
> Has anybody experience with client certificates (CURLOPT_SSLCERT) on Mac OSX
> (10.10)?
Yes, but not on OSX specifically.
> I could not find a callback method which indicates the requirement of a
> client certificate for a request (a point where I can ask the user to select
> one of the client certificates installed in the key store).
Use CURLOPT_SSL_CTX_FUNCTION to set a callback that gets called during setup of
an SSL connection. From this function, use SSL_CTX_set_client_cert_cb to set
the callback you're looking for:

#include <curl/curl.h>
#include <openssl/ssl.h>

int sslClientCertCallback(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
{
    /* At this point you can set the client cert immediately by filling in
       x509 and pkey, or return a code to suspend the handshake if you need
       to prompt for the cert asynchronously. See
       https://www.openssl.org/docs/ssl/SSL_CTX_set_client_cert_cb.html. */
    return 0; /* placeholder: 0 means no client certificate is supplied */
}

CURLcode sslContextCallback(CURL *handle, SSL_CTX *context, void *userdata)
{
    SSL_CTX_set_client_cert_cb(context, &sslClientCertCallback);
    return CURLE_OK;
}

/* When configuring the easy handle: */
curl_easy_setopt(handle, CURLOPT_SSL_CTX_FUNCTION, &sslContextCallback);
curl_easy_setopt(handle, CURLOPT_SSL_CTX_DATA, userdata);

> If I want to use another client certificate (by setting another CN) within
> the same process but for a new request, cURL seems to ignore this and always
> uses the certificate used in the first successful
> request. How can I clear this SSL-cache? I have tried
> CURLOPT_FRESH_CONNECT/TRUE and CURLOPT_SSL_SESSIONID_CACHE/FALSE without
> effect.
>
> If I do not set CURLOPT_SSLCERT for a request, cURL seems to take a random
> installed certificate (not the certificate configured by an identity
> preference in the key store) or it randomly throws a
> CURLE_SSL_CONNECT_ERROR.
I've never seen these issues.
Joe