File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / curl / docs / examples / simplessl.c
Wed Jun 3 10:01:15 2020 UTC (4 years, 10 months ago) by misho
Branches: curl, MAIN
CVS tags: v7_70_0p4, HEAD
curl

    1: /***************************************************************************
    2:  *                                  _   _ ____  _
    3:  *  Project                     ___| | | |  _ \| |
    4:  *                             / __| | | | |_) | |
    5:  *                            | (__| |_| |  _ <| |___
    6:  *                             \___|\___/|_| \_\_____|
    7:  *
    8:  * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
    9:  *
   10:  * This software is licensed as described in the file COPYING, which
   11:  * you should have received as part of this distribution. The terms
   12:  * are also available at https://curl.haxx.se/docs/copyright.html.
   13:  *
   14:  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
   15:  * copies of the Software, and permit persons to whom the Software is
   16:  * furnished to do so, under the terms of the COPYING file.
   17:  *
   18:  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
   19:  * KIND, either express or implied.
   20:  *
   21:  ***************************************************************************/
   22: /* <DESC>
   23:  * Shows HTTPS usage with client certs and optional ssl engine use.
   24:  * </DESC>
   25:  */
   26: #include <stdio.h>
   27: 
   28: #include <curl/curl.h>
   29: 
   30: /* some requirements for this to work:
   31:    1.   set pCertFile to the file with the client certificate
   32:    2.   if the key is passphrase protected, set pPassphrase to the
   33:         passphrase you use
   34:    3.   if you are using a crypto engine:
   35:    3.1. set a #define USE_ENGINE
   36:    3.2. set pEngine to the name of the crypto engine you use
   37:    3.3. set pKeyName to the key identifier you want to use
   38:    4.   if you don't use a crypto engine:
   39:    4.1. set pKeyName to the file name of your client key
   40:    4.2. if the format of the key file is DER, set pKeyType to "DER"
   41: 
   42:    !! verification of the server certificate is not implemented here !!
   43: 
   44:    **** This example only works with libcurl 7.9.3 and later! ****
   45: 
   46: */
   47: 
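   /*
    * Fetch an HTTPS URL with libcurl while authenticating with a client
    * certificate; the private key comes from a file or, when USE_ENGINE is
    * defined, from a crypto engine.
    *
    * Response headers are written to the file named by pHeaderFile. The body
    * is not redirected here, so libcurl's default write handling applies.
    *
    * The server certificate IS checked: CURLOPT_CAINFO and
    * CURLOPT_SSL_VERIFYPEER are set below, and CURLOPT_SSL_VERIFYHOST is
    * pinned to 2 so the certificate must also match the host name. The note
    * in this file's requirements comment saying that server verification is
    * not implemented does not match the options set here.
    *
    * Returns 0 when the transfer succeeded, 1 on any set-up or transfer error.
    */
   int main(void)
   {
     CURL *curl;
     CURLcode res;
     FILE *headerfile;
     int rc = 1; /* pessimistic: only a successful transfer clears it */

     /* Left NULL in this example. A real program should obtain the passphrase
        at run time instead of compiling it into the binary. */
     const char *pPassphrase = NULL;

     static const char *pCertFile = "testcert.pem";
     static const char *pCACertFile = "cacert.pem";
     static const char *pHeaderFile = "dumpit";

     const char *pKeyName;
     const char *pKeyType;

     const char *pEngine;

   #ifdef USE_ENGINE
     pKeyName  = "rsa_test";
     pKeyType  = "ENG";
     pEngine   = "chil";            /* for nCipher HSM... */
   #else
     pKeyName  = "testkey.pem";
     pKeyType  = "PEM";
     pEngine   = NULL;
   #endif

     /* The header dump is a convenience; carry on without it if the file
        cannot be created, but say so instead of failing silently. */
     headerfile = fopen(pHeaderFile, "wb");
     if(!headerfile)
       fprintf(stderr, "can't open %s for writing, headers are not saved\n",
               pHeaderFile);

     if(curl_global_init(CURL_GLOBAL_DEFAULT) != CURLE_OK) {
       fprintf(stderr, "curl_global_init() failed\n");
       if(headerfile)
         fclose(headerfile);
       return 1;
     }

     curl = curl_easy_init();
     if(curl) {
       /* what call to write: */
       curl_easy_setopt(curl, CURLOPT_URL, "HTTPS://your.favourite.ssl.site");
       if(headerfile)
         curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);

       do { /* dummy loop, just to break out from */
         if(pEngine) {
           /* load the crypto engine */
           if(curl_easy_setopt(curl, CURLOPT_SSLENGINE, pEngine) != CURLE_OK) {
             fprintf(stderr, "can't set crypto engine\n");
             break;
           }
           /* set the crypto engine as default; only needed the first time
              an engine is loaded in a curl object */
           if(curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L) !=
              CURLE_OK) {
             fprintf(stderr, "can't set crypto engine as default\n");
             break;
           }
         }

         /* Client certificate, stored PEM coded in a file. PEM is the
            default type, so setting it is only for clarity. A failed setopt
            must stop the transfer: otherwise the request would go out
            without the intended client credentials. */
         if(curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM") != CURLE_OK ||
            curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile) != CURLE_OK) {
           fprintf(stderr, "can't set client certificate\n");
           break;
         }

         /* for an engine the passphrase must be set explicitly
            (if the key has one...) */
         if(pPassphrase &&
            curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase) !=
            CURLE_OK) {
           fprintf(stderr, "can't set key passphrase\n");
           break;
         }

         /* Private key: a file name, or a key ID inside the engine, in which
            case the key type must be "ENG". */
         if(curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, pKeyType) != CURLE_OK ||
            curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName) != CURLE_OK) {
           fprintf(stderr, "can't set client private key\n");
           break;
         }

         /* Server authentication: trust only the CAs in pCACertFile, refuse
            the connection if the chain does not validate, and require the
            certificate to match the host name. 2 is already libcurl's
            default for VERIFYHOST; it is set so the intent is visible and
            survives copy-and-paste. Fail closed if any of these cannot be
            applied. */
         if(curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile) != CURLE_OK ||
            curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L) != CURLE_OK ||
            curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L) != CURLE_OK) {
           fprintf(stderr, "can't enable server certificate verification\n");
           break;
         }

         /* Perform the request, res will get the return code */
         res = curl_easy_perform(curl);
         if(res != CURLE_OK)
           fprintf(stderr, "curl_easy_perform() failed: %s\n",
                   curl_easy_strerror(res));
         else
           rc = 0;

         /* we are done... */
       } while(0);
       /* always cleanup */
       curl_easy_cleanup(curl);
     }
     else
       fprintf(stderr, "curl_easy_init() failed\n");

     curl_global_cleanup();

     /* Close only after the easy handle is gone, so libcurl never holds a
        dangling FILE pointer; a failed close means the dump may be short. */
     if(headerfile && fclose(headerfile) != 0)
       fprintf(stderr, "error closing %s\n", pHeaderFile);

     return rc;
   }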
