docs/examples/simplessl.c - third_party/curl - Git at Google

 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
  *                             / __| | | | |_) | |
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
  * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
  * are also available at https://curl.se/docs/copyright.html.
  *
  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  * copies of the Software, and permit persons to whom the Software is
  * furnished to do so, under the terms of the COPYING file.
  *
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
  * SPDX-License-Identifier: curl
  *
  ***************************************************************************/
 /* <DESC>
  * Shows HTTPS usage with client certs and optional ssl engine use.
  * </DESC>
  */
 #ifdef _MSC_VER
 #ifndef _CRT_SECURE_NO_WARNINGS
 #define _CRT_SECURE_NO_WARNINGS  /* for fopen() */
 #endif
 #endif

 #include <stdio.h>

 #include <curl/curl.h>

 /* some requirements for this to work:
    1.   set pCertFile to the file with the client certificate
    2.   if the key is passphrase protected, set pPassphrase to the
         passphrase you use
    3.   if you are using a crypto engine:
    3.1. set a #define USE_ENGINE
    3.2. set pEngine to the name of the crypto engine you use
    3.3. set pKeyName to the key identifier you want to use
    4.   if you do not use a crypto engine:
    4.1. set pKeyName to the filename of your client key
    4.2. if the format of the key file is DER, set pKeyType to "DER"
 */

 int main(void)
 {
   CURL *curl = NULL;
   CURLcode res;
   FILE *headerfile;
   const char *pPassphrase = NULL;

   static const char *pCertFile = "testcert.pem";
   static const char *pCACertFile = "cacert.pem";
   static const char *pHeaderFile = "dumpit";

   const char *pKeyName;
   const char *pKeyType;

 #ifdef USE_ENGINE
   pKeyName = "rsa_test";
   pKeyType = "ENG";
 #else
   pKeyName = "testkey.pem";
   pKeyType = "PEM";
 #endif

   res = curl_global_init(CURL_GLOBAL_ALL);
   if(res) {
     return (int)res;
   }

   headerfile = fopen(pHeaderFile, "wb");
   if(!headerfile)
     goto error;

   curl = curl_easy_init();
   if(!curl)
     goto error;

   /* what call to write: */
   curl_easy_setopt(curl, CURLOPT_URL, "HTTPS://secure.site.example");
   curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);

 #ifdef USE_ENGINE
   /* use crypto engine. nCipher HSM... */
   if(curl_easy_setopt(curl, CURLOPT_SSLENGINE, "chil") != CURLE_OK) {
     /* load the crypto engine */
     fprintf(stderr, "cannot set crypto engine\n");
     goto error;
   }
   if(curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L) != CURLE_OK) {
     /* set the crypto engine as default */
     /* only needed for the first time you load
        an engine in a curl object... */
     fprintf(stderr, "cannot set crypto engine as default\n");
     goto error;
   }
 #endif

   /* cert is stored PEM coded in file... */
   /* since PEM is default, we need not set it for PEM */
   curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");

   /* set the cert for client authentication */
   curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);

   /* sorry, for engine we must set the passphrase
      (if the key has one...) */
   if(pPassphrase)
     curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase);

   /* if we use a key stored in a crypto engine,
      we must set the key type to "ENG" */
   curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, pKeyType);

   /* set the private key (file or ID in engine) */
   curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName);

   /* set the file with the certs validating the server */
   curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile);

   /* disconnect if we cannot validate server's cert */
   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);

   /* Perform the request, res gets the return code */
   res = curl_easy_perform(curl);
   /* Check for errors */
   if(res != CURLE_OK)
     fprintf(stderr, "curl_easy_perform() failed: %s\n",
             curl_easy_strerror(res));

 error:

   /* always cleanup */
   if(curl)
     curl_easy_cleanup(curl);

   if(headerfile)
     fclose(headerfile);

   curl_global_cleanup();

   return (int)res;
 }
	/***************************************************************************
	* _ _ ____ _
	* Project ___\| \| \| \| _ \\| \|
	* / __\| \| \| \| \|_) \| \|
	* \| (__\| \|_\| \| _ <\| \|___
	* \___\|\___/\|_\| \_\_____\|
	*
	* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
	*
	* This software is licensed as described in the file COPYING, which
	* you should have received as part of this distribution. The terms
	* are also available at https://curl.se/docs/copyright.html.
	*
	* You may opt to use, copy, modify, merge, publish, distribute and/or sell
	* copies of the Software, and permit persons to whom the Software is
	* furnished to do so, under the terms of the COPYING file.
	*
	* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
	* KIND, either express or implied.
	*
	* SPDX-License-Identifier: curl
	*
	***************************************************************************/
	/* <DESC>
	* Shows HTTPS usage with client certs and optional ssl engine use.
	* </DESC>
	*/
	#ifdef _MSC_VER
	#ifndef _CRT_SECURE_NO_WARNINGS
	#define _CRT_SECURE_NO_WARNINGS /* for fopen() */
	#endif
	#endif

	#include <stdio.h>

	#include <curl/curl.h>

	/* some requirements for this to work:
	1. set pCertFile to the file with the client certificate
	2. if the key is passphrase protected, set pPassphrase to the
	passphrase you use
	3. if you are using a crypto engine:
	3.1. set a #define USE_ENGINE
	3.2. set pEngine to the name of the crypto engine you use
	3.3. set pKeyName to the key identifier you want to use
	4. if you do not use a crypto engine:
	4.1. set pKeyName to the filename of your client key
	4.2. if the format of the key file is DER, set pKeyType to "DER"
	*/

	int main(void)
	{
	CURL *curl = NULL;
	CURLcode res;
	FILE *headerfile;
	const char *pPassphrase = NULL;

	static const char *pCertFile = "testcert.pem";
	static const char *pCACertFile = "cacert.pem";
	static const char *pHeaderFile = "dumpit";

	const char *pKeyName;
	const char *pKeyType;

	#ifdef USE_ENGINE
	pKeyName = "rsa_test";
	pKeyType = "ENG";
	#else
	pKeyName = "testkey.pem";
	pKeyType = "PEM";
	#endif

	res = curl_global_init(CURL_GLOBAL_ALL);
	if(res) {
	return (int)res;
	}

	headerfile = fopen(pHeaderFile, "wb");
	if(!headerfile)
	goto error;

	curl = curl_easy_init();
	if(!curl)
	goto error;

	/* what call to write: */
	curl_easy_setopt(curl, CURLOPT_URL, "HTTPS://secure.site.example");
	curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);

	#ifdef USE_ENGINE
	/* use crypto engine. nCipher HSM... */
	if(curl_easy_setopt(curl, CURLOPT_SSLENGINE, "chil") != CURLE_OK) {
	/* load the crypto engine */
	fprintf(stderr, "cannot set crypto engine\n");
	goto error;
	}
	if(curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L) != CURLE_OK) {
	/* set the crypto engine as default */
	/* only needed for the first time you load
	an engine in a curl object... */
	fprintf(stderr, "cannot set crypto engine as default\n");
	goto error;
	}
	#endif

	/* cert is stored PEM coded in file... */
	/* since PEM is default, we need not set it for PEM */
	curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");

	/* set the cert for client authentication */
	curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);

	/* sorry, for engine we must set the passphrase
	(if the key has one...) */
	if(pPassphrase)
	curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase);

	/* if we use a key stored in a crypto engine,
	we must set the key type to "ENG" */
	curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, pKeyType);

	/* set the private key (file or ID in engine) */
	curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName);

	/* set the file with the certs validating the server */
	curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile);

	/* disconnect if we cannot validate server's cert */
	curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);

	/* Perform the request, res gets the return code */
	res = curl_easy_perform(curl);
	/* Check for errors */
	if(res != CURLE_OK)
	fprintf(stderr, "curl_easy_perform() failed: %s\n",
	curl_easy_strerror(res));

	error:

	/* always cleanup */
	if(curl)
	curl_easy_cleanup(curl);

	if(headerfile)
	fclose(headerfile);

	curl_global_cleanup();

	return (int)res;
	}