Annotation of embedaddon/curl/docs/examples/simplessl.c, revision 1.1
1.1 ! misho 1: /***************************************************************************
! 2: * _ _ ____ _
! 3: * Project ___| | | | _ \| |
! 4: * / __| | | | |_) | |
! 5: * | (__| |_| | _ <| |___
! 6: * \___|\___/|_| \_\_____|
! 7: *
! 8: * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
! 9: *
! 10: * This software is licensed as described in the file COPYING, which
! 11: * you should have received as part of this distribution. The terms
! 12: * are also available at https://curl.haxx.se/docs/copyright.html.
! 13: *
! 14: * You may opt to use, copy, modify, merge, publish, distribute and/or sell
! 15: * copies of the Software, and permit persons to whom the Software is
! 16: * furnished to do so, under the terms of the COPYING file.
! 17: *
! 18: * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
! 19: * KIND, either express or implied.
! 20: *
! 21: ***************************************************************************/
! 22: /* <DESC>
! 23: * Shows HTTPS usage with client certs and optional ssl engine use.
! 24: * </DESC>
! 25: */
! 26: #include <stdio.h>
! 27:
! 28: #include <curl/curl.h>
! 29:
! 30: /* some requirements for this to work:
! 31: 1. set pCertFile to the file with the client certificate
! 32: 2. if the key is passphrase protected, set pPassphrase to the
! 33: passphrase you use
! 34: 3. if you are using a crypto engine:
! 35: 3.1. set a #define USE_ENGINE
! 36: 3.2. set pEngine to the name of the crypto engine you use
! 37: 3.3. set pKeyName to the key identifier you want to use
! 38: 4. if you don't use a crypto engine:
! 39: 4.1. set pKeyName to the file name of your client key
! 40: 4.2. if the format of the key file is DER, set pKeyType to "DER"
! 41:
! 42: !! verify of the server certificate is not implemented here !!
! 43:
! 44: **** This example only works with libcurl 7.9.3 and later! ****
! 45:
! 46: */
! 47:
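/*
 * Fetch an HTTPS URL while authenticating with a client certificate (and,
 * when USE_ENGINE is defined, a key held in a crypto engine), writing the
 * response headers to pHeaderFile.
 *
 * Returns 0 when the transfer succeeded and 1 on any failure, so callers and
 * scripts can tell a failed TLS setup or transfer from a successful one.
 */
int main(void)
{
  CURL *curl;
  CURLcode res;
  FILE *headerfile;
  int rc = 1; /* stays non-zero unless the transfer completes */
  const char *pPassphrase = NULL;

  static const char *pCertFile = "testcert.pem";
  static const char *pCACertFile = "cacert.pem";
  static const char *pHeaderFile = "dumpit";

  const char *pKeyName;
  const char *pKeyType;

  const char *pEngine;

#ifdef USE_ENGINE
  pKeyName  = "rsa_test";
  pKeyType  = "ENG";
  pEngine   = "chil";            /* for nCipher HSM... */
#else
  pKeyName  = "testkey.pem";
  pKeyType  = "PEM";
  pEngine   = NULL;
#endif

  /* The header dump is created in the current directory with the process's
     default permissions; response headers can carry cookies or other session
     data, so treat the file accordingly. */
  headerfile = fopen(pHeaderFile, "wb");
  if(!headerfile) {
    fprintf(stderr, "can't open header file %s\n", pHeaderFile);
    return 1;
  }

  if(curl_global_init(CURL_GLOBAL_DEFAULT) != CURLE_OK) {
    fprintf(stderr, "curl_global_init() failed\n");
    fclose(headerfile);
    return 1;
  }

  curl = curl_easy_init();
  if(curl) {
    /* what call to write: */
    curl_easy_setopt(curl, CURLOPT_URL, "HTTPS://your.favourite.ssl.site");
    curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);

    do { /* dummy loop, just to break out from */
      if(pEngine) {
        /* use crypto engine: load it... */
        if(curl_easy_setopt(curl, CURLOPT_SSLENGINE, pEngine) != CURLE_OK) {
          fprintf(stderr, "can't set crypto engine\n");
          break;
        }
        /* ...and set it as default; only needed the first time you load
           an engine in a curl object... */
        if(curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L) != CURLE_OK) {
          fprintf(stderr, "can't set crypto engine as default\n");
          break;
        }
      }

      /* cert is stored PEM coded in file... */
      /* since PEM is default, we needn't set it for PEM */
      res = curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");

      /* set the cert for client authentication */
      if(res == CURLE_OK)
        res = curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);

      /* sorry, for engine we must set the passphrase
         (if the key has one...) */
      if(res == CURLE_OK && pPassphrase)
        res = curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase);

      /* if we use a key stored in a crypto engine,
         we must set the key type to "ENG" */
      if(res == CURLE_OK)
        res = curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, pKeyType);

      /* set the private key (file or ID in engine) */
      if(res == CURLE_OK)
        res = curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName);

      /* set the file with the certs validating the server */
      if(res == CURLE_OK)
        res = curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile);

      /* disconnect if we can't validate server's cert.
         Although this file's header comment says server verification is not
         implemented, peer verification against pCACertFile is requested
         here. CURLOPT_SSL_VERIFYHOST is not set, so host name checking is
         left at libcurl's default. */
      if(res == CURLE_OK)
        res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);

      /* Do not start a transfer with a partially applied TLS setup: a
         silently ignored option could mean no client cert or the wrong
         trust store. */
      if(res != CURLE_OK) {
        fprintf(stderr, "can't set TLS options: %s\n",
                curl_easy_strerror(res));
        break;
      }

      /* Perform the request, res will get the return code */
      res = curl_easy_perform(curl);
      /* Check for errors */
      if(res != CURLE_OK) {
        fprintf(stderr, "curl_easy_perform() failed: %s\n",
                curl_easy_strerror(res));
        break;
      }

      /* we are done... */
      rc = 0;
    } while(0);
    /* always cleanup */
    curl_easy_cleanup(curl);
  }

  curl_global_cleanup();

  /* close after the easy handle is gone so libcurl never writes to a closed
     stream; a failed close means the header dump may be incomplete */
  if(fclose(headerfile) != 0) {
    fprintf(stderr, "can't close header file %s\n", pHeaderFile);
    rc = 1;
  }

  return rc;
}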