Annotation of embedaddon/curl/docs/examples/simplessl.c, revision 1.1.1.1

1.1       misho       1: /***************************************************************************
                      2:  *                                  _   _ ____  _
                      3:  *  Project                     ___| | | |  _ \| |
                      4:  *                             / __| | | | |_) | |
                      5:  *                            | (__| |_| |  _ <| |___
                      6:  *                             \___|\___/|_| \_\_____|
                      7:  *
                      8:  * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
                      9:  *
                     10:  * This software is licensed as described in the file COPYING, which
                     11:  * you should have received as part of this distribution. The terms
                     12:  * are also available at https://curl.haxx.se/docs/copyright.html.
                     13:  *
                     14:  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
                     15:  * copies of the Software, and permit persons to whom the Software is
                     16:  * furnished to do so, under the terms of the COPYING file.
                     17:  *
                     18:  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
                     19:  * KIND, either express or implied.
                     20:  *
                     21:  ***************************************************************************/
                     22: /* <DESC>
                     23:  * Shows HTTPS usage with client certs and optional ssl engine use.
                     24:  * </DESC>
                     25:  */
                     26: #include <stdio.h>
                     27: 
                     28: #include <curl/curl.h>
                     29: 
                     30: /* some requirements for this to work:
                     31:    1.   set pCertFile to the file with the client certificate
                     32:    2.   if the key is passphrase protected, set pPassphrase to the
                     33:         passphrase you use
                     34:    3.   if you are using a crypto engine:
                     35:    3.1. set a #define USE_ENGINE
                     36:    3.2. set pEngine to the name of the crypto engine you use
                     37:    3.3. set pKeyName to the key identifier you want to use
                     38:    4.   if you don't use a crypto engine:
                     39:    4.1. set pKeyName to the file name of your client key
                     40:    4.2. if the format of the key file is DER, set pKeyType to "DER"
                     41: 
                     42:    !! verify of the server certificate is not implemented here !!
                     43: 
                     44:    **** This example only works with libcurl 7.9.3 and later! ****
                     45: 
                     46: */
                     47: 
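                     /**
                      * Fetch an HTTPS URL while authenticating with a client certificate and,
                      * when built with USE_ENGINE defined, a private key held in a crypto engine.
                      *
                      * Response headers are written to the file named by pHeaderFile.
                      *
                      * Despite the note in the file's header comment, this code does request
                      * server certificate verification: the peer is checked against the CA
                      * bundle in pCACertFile (CURLOPT_CAINFO + CURLOPT_SSL_VERIFYPEER) and the
                      * certificate's host name is checked (CURLOPT_SSL_VERIFYHOST). If any of
                      * those options cannot be set, the transfer is not attempted.
                      *
                      * Returns 0 when the transfer succeeded, 1 on any setup or transfer failure.
                      */
                     int main(void)
                     {
                       CURL *curl = NULL;
                       CURLcode res;
                       FILE *headerfile = NULL;
                       int rc = 1; /* pessimistic: only a completed transfer sets this to 0 */

                       /* Leave NULL when the key is not passphrase protected. A real passphrase
                          should be obtained at run time rather than compiled into the binary. */
                       const char *pPassphrase = NULL;

                       static const char *pCertFile = "testcert.pem";
                       static const char *pCACertFile = "cacert.pem";
                       static const char *pHeaderFile = "dumpit";

                       const char *pKeyName;
                       const char *pKeyType;

                       const char *pEngine;

                     #ifdef USE_ENGINE
                       pKeyName  = "rsa_test";
                       pKeyType  = "ENG";
                       pEngine   = "chil";            /* for nCipher HSM... */
                     #else
                       pKeyName  = "testkey.pem";
                       pKeyType  = "PEM";
                       pEngine   = NULL;
                     #endif

                       if(curl_global_init(CURL_GLOBAL_DEFAULT) != CURLE_OK) {
                         fprintf(stderr, "curl_global_init() failed\n");
                         return 1;
                       }

                       /* the header dump is the point of CURLOPT_HEADERDATA below, so treat a
                          file that cannot be opened as an error instead of passing NULL on */
                       headerfile = fopen(pHeaderFile, "wb");
                       if(!headerfile) {
                         fprintf(stderr, "can't open %s for writing\n", pHeaderFile);
                         goto cleanup;
                       }

                       curl = curl_easy_init();
                       if(!curl) {
                         fprintf(stderr, "curl_easy_init() failed\n");
                         goto cleanup;
                       }

                       /* what call to write: */
                       curl_easy_setopt(curl, CURLOPT_URL, "HTTPS://your.favourite.ssl.site");
                       curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);

                       if(pEngine) {
                         /* load the crypto engine */
                         if(curl_easy_setopt(curl, CURLOPT_SSLENGINE, pEngine) != CURLE_OK) {
                           fprintf(stderr, "can't set crypto engine\n");
                           goto cleanup;
                         }
                         /* set the crypto engine as default; only needed for the first time
                            you load an engine in a curl object... */
                         if(curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L) != CURLE_OK) {
                           fprintf(stderr, "can't set crypto engine as default\n");
                           goto cleanup;
                         }
                       }

                       /* cert is stored PEM coded in file... */
                       /* since PEM is default, we needn't set it for PEM */
                       curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");

                       /* set the cert for client authentication */
                       curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);

                       /* sorry, for engine we must set the passphrase
                          (if the key has one...) */
                       if(pPassphrase)
                         curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase);

                       /* if we use a key stored in a crypto engine,
                          we must set the key type to "ENG" */
                       curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, pKeyType);

                       /* set the private key (file or ID in engine) */
                       curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName);

                       /* Server verification: trust only the CAs in pCACertFile, refuse the
                          connection if the chain does not validate, and require the
                          certificate to match the host name in the URL. Fail closed: a
                          client certificate must not be presented to an unverified server
                          because one of these options silently failed to apply. */
                       if(curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile) != CURLE_OK ||
                          curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L) != CURLE_OK ||
                          curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L) != CURLE_OK) {
                         fprintf(stderr, "can't enable server certificate verification\n");
                         goto cleanup;
                       }

                       /* Perform the request, res will get the return code */
                       res = curl_easy_perform(curl);
                       /* Check for errors */
                       if(res != CURLE_OK)
                         fprintf(stderr, "curl_easy_perform() failed: %s\n",
                                 curl_easy_strerror(res));
                       else
                         rc = 0;

                     cleanup:
                       /* always cleanup; the easy handle goes first because it still holds
                          the headerfile pointer */
                       if(curl)
                         curl_easy_cleanup(curl);

                       /* fclose() flushes the header dump, so a failure here means it may be
                          incomplete */
                       if(headerfile && fclose(headerfile) != 0) {
                         fprintf(stderr, "error closing %s\n", pHeaderFile);
                         rc = 1;
                       }

                       curl_global_cleanup();

                       return rc;
                     }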
