Modify Libcurl to support SSL


martyj

Yeah, it requires an additional lib called like ssleay or something like that. Where I ran into trouble was I could not figure out what the contents of the cacert.pem file were supposed to be or how to safely distribute it, and no one on the web could give me a straight answer.

My job is to make tools you love, with the features you want, and performance you can't live without.


1 minute ago, martyj said:

Were you trying to publish your own certificate authority file?

I believe libcurl uses Windows' CA list by default unless you wanted to self-sign your own SSL certificates.
 

I don't know enough about it to answer that. All I know is that if I put my private key in the cacert.pem file it worked, and nothing else would work.


I don't think you need to be having a CA file.

The CA file is basically a way to identify that a certificate has been verified through the certificate authority for a domain.

There are two parts to SSL encryption over HTTP.

The first is Domain verification.
The second is encryption.

Domain Verification is through the use of Certificate Authorities


Operating systems include a bunch of certificate authority files from like GeoTrust, DigiCert, etc.

When you go to create an SSL certificate you use like GeoTrust or whoever. They usually have domain verification to prove that you own leadwerks.com. That way not just anybody can create an SSL certificate on your domain.

GeoTrust will then issue you an SSL certificate based off of their CA private key.

Your SSL certificate is in two parts, a public key and a private key. You keep your private key a secret and hand out your public key.

When you visit say https://leadwerks.com, there is an SSL handshake which provides information about your public key, the CA to use, etc. Your browser will then look at the certificate authority to check if that public key really came from say GeoTrust or if your SSL certificate is lying.

This allows the "green" secure icon in the top of your browser stating, yes you are in fact visiting leadwerks.com instead of someone pretending to be. Look up bitsquatting if you want to see attacks that can be done if this wasn't around.

The second part of SSL is pretty straightforward. Tom Scott on YouTube has some good videos on RSA encryption.

----

Now the self signed certificates.

Previously SSL certificates used to be super expensive. Like $50-$1200/year per domain name. Since GeoTrust paid Microsoft and Apple a ton of money to include their CA on their operating systems, they have to make some of it back, by charging you.

If you wanted free SSL certificates in the past you could create your own certificate authority file. Have users install it on their system, then you could verify domain names yourself, without having to pay someone to do it.

Currently if you want a free SSL certificate, LetsEncrypt is the best way to go IMO.

So you shouldn't have to deal with certificate authorities. You can have free SSL certificates.
 

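Added example, not part of any post in this thread: the thread asks what a cacert.pem should contain and how to distribute it safely. A CA file given to libcurl is a list of public CA certificates, so a release-time check like the one below can confirm a bundle holds only CERTIFICATE blocks and flag any private-key block before it ships. The function name, report fields and sample bundles are assumptions made for this illustration.

```python
import base64
import re

# Matches one PEM block: BEGIN label, base64 body, END with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def audit_ca_bundle(pem_text):
    """Classify every PEM block in a CA bundle that is about to be shipped.

    A bundle used as a CA file should hold only public CERTIFICATE blocks.
    Any label containing PRIVATE KEY is secret material and must not be
    distributed with an application.
    """
    report = {"certificates": 0, "private_keys": [], "other": [], "bad_base64": 0}
    for label, body in PEM_BLOCK.findall(pem_text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            report["bad_base64"] += 1
            continue
        if "PRIVATE KEY" in label:
            report["private_keys"].append(label)
        elif label == "CERTIFICATE" and der[:1] == b"\x30":  # DER SEQUENCE tag
            report["certificates"] += 1
        else:
            report["other"].append(label)
    report["safe_to_ship"] = (report["certificates"] > 0
                              and not report["private_keys"]
                              and not report["other"]
                              and report["bad_base64"] == 0)
    return report

def _block(label, payload):
    # Constructed placeholder block: valid PEM framing, not a real cert or key.
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed samples (placeholder bytes, not real certificates or keys).
GOOD_BUNDLE = _block("CERTIFICATE", b"\x30" + b"A" * 40) * 2
BAD_BUNDLE = GOOD_BUNDLE + _block("RSA PRIVATE KEY", b"\x30" + b"K" * 40)

if __name__ == "__main__":
    for name, bundle in (("good", GOOD_BUNDLE), ("bad", BAD_BUNDLE)):
        print(name, audit_ca_bundle(bundle))
```

The check looks only at PEM labels and base64 framing; it does not validate certificate contents or chains.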
