On 7/25/2022 2:49 AM, Minal Patil via curl-library wrote: > I am looking to configure client side certificate validation in my > libcurl based application communicating with https protocol. > > As per the documentation I need to configure the CURLOPT_SSLCERT > attribute. Sample code available on its doc page says i need to > configure below 3 attributes. > > curl_easy_setopt(curl, CURLOPT_SSLCERT, "client.pem"); > curl_easy_setopt(curl, CURLOPT_SSLKEY, "key.pem"); > curl_easy_setopt(curl, CURLOPT_KEYPASSWD, "s3cret"); > > When using a client certificate, you most likely also need to provide > a private key with CURLOPT_SSLKEY. It gives an impression that > CURLOPT_SSLKEY is optional and not mandatory. > So can you please clarify if it's really an optional attribute. In > other words can i configure the application only to use a certificate > and key is not required.
Whether SSLKEY is needed depends, please review the SSLCERT man pages. [1][2] Some certificate files contain both the private and public key in the same file, or the SSLCERT option can be set to a nickname or certificate path for some SSL backends. [1]: https://curl.se/libcurl/c/CURLOPT_SSLCERT.html [2]: https://curl.se/libcurl/c/CURLOPT_SSLCERTTYPE.html -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
