113498266Sopenharmony_ci/*************************************************************************** 213498266Sopenharmony_ci * _ _ ____ _ 313498266Sopenharmony_ci * Project ___| | | | _ \| | 413498266Sopenharmony_ci * / __| | | | |_) | | 513498266Sopenharmony_ci * | (__| |_| | _ <| |___ 613498266Sopenharmony_ci * \___|\___/|_| \_\_____| 713498266Sopenharmony_ci * 813498266Sopenharmony_ci * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 913498266Sopenharmony_ci * 1013498266Sopenharmony_ci * This software is licensed as described in the file COPYING, which 1113498266Sopenharmony_ci * you should have received as part of this distribution. The terms 1213498266Sopenharmony_ci * are also available at https://curl.se/docs/copyright.html. 1313498266Sopenharmony_ci * 1413498266Sopenharmony_ci * You may opt to use, copy, modify, merge, publish, distribute and/or sell 1513498266Sopenharmony_ci * copies of the Software, and permit persons to whom the Software is 1613498266Sopenharmony_ci * furnished to do so, under the terms of the COPYING file. 1713498266Sopenharmony_ci * 1813498266Sopenharmony_ci * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 1913498266Sopenharmony_ci * KIND, either express or implied. 2013498266Sopenharmony_ci * 2113498266Sopenharmony_ci * SPDX-License-Identifier: curl 2213498266Sopenharmony_ci * 2313498266Sopenharmony_ci ***************************************************************************/ 2413498266Sopenharmony_ci/* <DESC> 2513498266Sopenharmony_ci * Shows HTTPS usage with client certs and optional ssl engine use. 2613498266Sopenharmony_ci * </DESC> 2713498266Sopenharmony_ci */ 2813498266Sopenharmony_ci#include <stdio.h> 2913498266Sopenharmony_ci 3013498266Sopenharmony_ci#include <curl/curl.h> 3113498266Sopenharmony_ci 3213498266Sopenharmony_ci/* some requirements for this to work: 3313498266Sopenharmony_ci 1. set pCertFile to the file with the client certificate 3413498266Sopenharmony_ci 2. if the key is passphrase protected, set pPassphrase to the 3513498266Sopenharmony_ci passphrase you use 3613498266Sopenharmony_ci 3. if you are using a crypto engine: 3713498266Sopenharmony_ci 3.1. set a #define USE_ENGINE 3813498266Sopenharmony_ci 3.2. set pEngine to the name of the crypto engine you use 3913498266Sopenharmony_ci 3.3. set pKeyName to the key identifier you want to use 4013498266Sopenharmony_ci 4. if you do not use a crypto engine: 4113498266Sopenharmony_ci 4.1. set pKeyName to the file name of your client key 4213498266Sopenharmony_ci 4.2. if the format of the key file is DER, set pKeyType to "DER" 4313498266Sopenharmony_ci 4413498266Sopenharmony_ci !! verify of the server certificate is not implemented here !! 4513498266Sopenharmony_ci 4613498266Sopenharmony_ci **** This example only works with libcurl 7.9.3 and later! **** 4713498266Sopenharmony_ci 4813498266Sopenharmony_ci*/ 4913498266Sopenharmony_ci 5013498266Sopenharmony_ciint main(void) 5113498266Sopenharmony_ci{ 5213498266Sopenharmony_ci CURL *curl; 5313498266Sopenharmony_ci CURLcode res; 5413498266Sopenharmony_ci FILE *headerfile; 5513498266Sopenharmony_ci const char *pPassphrase = NULL; 5613498266Sopenharmony_ci 5713498266Sopenharmony_ci static const char *pCertFile = "testcert.pem"; 5813498266Sopenharmony_ci static const char *pCACertFile = "cacert.pem"; 5913498266Sopenharmony_ci static const char *pHeaderFile = "dumpit"; 6013498266Sopenharmony_ci 6113498266Sopenharmony_ci const char *pKeyName; 6213498266Sopenharmony_ci const char *pKeyType; 6313498266Sopenharmony_ci 6413498266Sopenharmony_ci const char *pEngine; 6513498266Sopenharmony_ci 6613498266Sopenharmony_ci#ifdef USE_ENGINE 6713498266Sopenharmony_ci pKeyName = "rsa_test"; 6813498266Sopenharmony_ci pKeyType = "ENG"; 6913498266Sopenharmony_ci pEngine = "chil"; /* for nChiper HSM... */ 7013498266Sopenharmony_ci#else 7113498266Sopenharmony_ci pKeyName = "testkey.pem"; 7213498266Sopenharmony_ci pKeyType = "PEM"; 7313498266Sopenharmony_ci pEngine = NULL; 7413498266Sopenharmony_ci#endif 7513498266Sopenharmony_ci 7613498266Sopenharmony_ci headerfile = fopen(pHeaderFile, "wb"); 7713498266Sopenharmony_ci 7813498266Sopenharmony_ci curl_global_init(CURL_GLOBAL_DEFAULT); 7913498266Sopenharmony_ci 8013498266Sopenharmony_ci curl = curl_easy_init(); 8113498266Sopenharmony_ci if(curl) { 8213498266Sopenharmony_ci /* what call to write: */ 8313498266Sopenharmony_ci curl_easy_setopt(curl, CURLOPT_URL, "HTTPS://your.favourite.ssl.site"); 8413498266Sopenharmony_ci curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile); 8513498266Sopenharmony_ci 8613498266Sopenharmony_ci do { /* dummy loop, just to break out from */ 8713498266Sopenharmony_ci if(pEngine) { 8813498266Sopenharmony_ci /* use crypto engine */ 8913498266Sopenharmony_ci if(curl_easy_setopt(curl, CURLOPT_SSLENGINE, pEngine) != CURLE_OK) { 9013498266Sopenharmony_ci /* load the crypto engine */ 9113498266Sopenharmony_ci fprintf(stderr, "cannot set crypto engine\n"); 9213498266Sopenharmony_ci break; 9313498266Sopenharmony_ci } 9413498266Sopenharmony_ci if(curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L) != CURLE_OK) { 9513498266Sopenharmony_ci /* set the crypto engine as default */ 9613498266Sopenharmony_ci /* only needed for the first time you load 9713498266Sopenharmony_ci a engine in a curl object... */ 9813498266Sopenharmony_ci fprintf(stderr, "cannot set crypto engine as default\n"); 9913498266Sopenharmony_ci break; 10013498266Sopenharmony_ci } 10113498266Sopenharmony_ci } 10213498266Sopenharmony_ci /* cert is stored PEM coded in file... */ 10313498266Sopenharmony_ci /* since PEM is default, we needn't set it for PEM */ 10413498266Sopenharmony_ci curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM"); 10513498266Sopenharmony_ci 10613498266Sopenharmony_ci /* set the cert for client authentication */ 10713498266Sopenharmony_ci curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile); 10813498266Sopenharmony_ci 10913498266Sopenharmony_ci /* sorry, for engine we must set the passphrase 11013498266Sopenharmony_ci (if the key has one...) */ 11113498266Sopenharmony_ci if(pPassphrase) 11213498266Sopenharmony_ci curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase); 11313498266Sopenharmony_ci 11413498266Sopenharmony_ci /* if we use a key stored in a crypto engine, 11513498266Sopenharmony_ci we must set the key type to "ENG" */ 11613498266Sopenharmony_ci curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, pKeyType); 11713498266Sopenharmony_ci 11813498266Sopenharmony_ci /* set the private key (file or ID in engine) */ 11913498266Sopenharmony_ci curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName); 12013498266Sopenharmony_ci 12113498266Sopenharmony_ci /* set the file with the certs validating the server */ 12213498266Sopenharmony_ci curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile); 12313498266Sopenharmony_ci 12413498266Sopenharmony_ci /* disconnect if we cannot validate server's cert */ 12513498266Sopenharmony_ci curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L); 12613498266Sopenharmony_ci 12713498266Sopenharmony_ci /* Perform the request, res will get the return code */ 12813498266Sopenharmony_ci res = curl_easy_perform(curl); 12913498266Sopenharmony_ci /* Check for errors */ 13013498266Sopenharmony_ci if(res != CURLE_OK) 13113498266Sopenharmony_ci fprintf(stderr, "curl_easy_perform() failed: %s\n", 13213498266Sopenharmony_ci curl_easy_strerror(res)); 13313498266Sopenharmony_ci 13413498266Sopenharmony_ci /* we are done... */ 13513498266Sopenharmony_ci } while(0); 13613498266Sopenharmony_ci /* always cleanup */ 13713498266Sopenharmony_ci curl_easy_cleanup(curl); 13813498266Sopenharmony_ci } 13913498266Sopenharmony_ci 14013498266Sopenharmony_ci curl_global_cleanup(); 14113498266Sopenharmony_ci 14213498266Sopenharmony_ci return 0; 14313498266Sopenharmony_ci} 144