Adding self-signed SSL certificate for libcurl

MarkRoadster · Jan 16, 2012 · Viewed 9.2k times

I am using libcurl in my C application to communicate with an HTTPS server that I have set up. I generated a self-signed certificate on that server that I wish to use with curl.

I am aware of setting CURLOPT_SSL_VERIFYPEER to 0 to bypass the SSL verification, but I wish to add the generated certificate to curl's "valid" CA certificates.

I have tried setting CURLOPT_CAPATH and CURLOPT_SSLCERT to the location of the server SSL public key, but it fails to pass the verification.

How can I add my own CA/Self-signed certificate so that libcurl will successfully validate it?

Answer

Randy supports Monica · Jul 8, 2014

To add a self-signed certificate, use CURLOPT_CAINFO.

To retrieve the SSL public certificate of a site, use:

openssl s_client -connect www.site.com:443 | tee logfile

The certificate is the portion marked by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

Save that certificate into a file, and use curl in a manner like so:

CURL* c = curl_easy_init();
curl_easy_setopt(c, CURLOPT_URL, "https://www.site.com");
/* PEM file holding the certificate(s) to trust */
curl_easy_setopt(c, CURLOPT_CAINFO, "/path/to/the/certificate.crt");
/* libcurl reads this option as a long, so pass 1L rather than 1 */
curl_easy_setopt(c, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_perform(c);
curl_easy_cleanup(c);
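
The "save that certificate into a file" step, as an added example that is not part of the original answer: it cuts the first certificate block out of a saved `openssl s_client` log and writes it to the file later passed to CURLOPT_CAINFO. The names `extract_first_pem`, `save_ca_file` and `SAMPLE_LOG` are hypothetical, and the sample log is constructed with a placeholder body rather than a real certificate.

```c
#include <stdio.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Constructed sample log; the base64 body is a placeholder, not a real certificate. */
const char SAMPLE_LOG[] =
    "CONNECTED(00000003)\n"
    "---\n" "Server certificate\n"
    PEM_BEGIN "\n"
    "Q09OU1RSVUNURUQtU0FNUExFLUJPRFk=\n"
    PEM_END "\n"
    "subject=CN = www.site.com\n";

/* Copy the first complete PEM block in `log` into `out`, newline- and
 * NUL-terminated. Returns bytes written excluding the NUL, or -1 when no
 * complete block exists, the body has non-base64 bytes, or `out` is too small. */
long extract_first_pem(const char *log, char *out, size_t outsz)
{
    const char *begin = strstr(log, PEM_BEGIN);
    if (!begin) return -1;
    const char *body = begin + strlen(PEM_BEGIN);
    const char *end = strstr(body, PEM_END);
    if (!end) return -1;                          /* capture was cut short */
    for (const char *p = body; p < end; p++)      /* base64 alphabet and line breaks only */
        if (!strchr("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                    "0123456789+/=\r\n", *p))
            return -1;
    size_t len = (size_t)(end - begin) + strlen(PEM_END);
    if (len + 2 > outsz) return -1;               /* room for '\n' and '\0' */
    memcpy(out, begin, len);
    out[len] = '\n';
    out[len + 1] = '\0';
    return (long)(len + 1);
}

/* Write the extracted block to `path`; 0 on success, -1 on any failure. */
int save_ca_file(const char *log, const char *path)
{
    char pem[8192];
    long n = extract_first_pem(log, pem, sizeof pem);
    if (n < 0) return -1;
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    size_t w = fwrite(pem, 1, (size_t)n, f);
    return (fclose(f) == 0 && w == (size_t)n) ? 0 : -1;
}
```

A certificate captured this way is only as trustworthy as the connection it was captured over, so compare its fingerprint with the one on the server before passing the file to CURLOPT_CAINFO.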