Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Openssl support #31

Closed
whoshuu opened this issue Aug 10, 2015 · 12 comments · Fixed by #276
Closed

Openssl support #31

whoshuu opened this issue Aug 10, 2015 · 12 comments · Fixed by #276

Comments

@whoshuu
Copy link
Collaborator

whoshuu commented Aug 10, 2015

No description provided.

@webmaster128
Copy link

Is this OpenSSL specific or are you talking about generic TLS support? I guess as user of curl, you should be able to abstract away from the TLS implementation used.

@whoshuu
Copy link
Collaborator Author

whoshuu commented Dec 10, 2015

Yeah I should clarify that I want generic TLS support. The library client should probably not care what's used behind the scenes to do TLS, this is purely a build step detail.

That said, if I were to embed a particular TLS library, OpenSSL appears to be the way to go.

@tiwoc
Copy link

tiwoc commented Dec 20, 2015

On Windows and OS X, you can configure cURL to simply use the OS-provided TLS stacks (Secure Channel, Secure Transport), which has multiple upsides to shipping OpenSSL or one of its forks:

  • smaller binary size, because the library is already there
  • no need to maintain/update the list of trusted root certificates, which is not included in OpenSSL
  • no need to issue emergency patches of your app when the next security issue in the TLS library is found, because the OS vendor will do it

On Linux, you can feed the OS-provided trusted root certificates to cURL if you can find them. Here's where we look for them in Kullo:
https://github.com/kullo/client-httpclient-curl/blob/master/httpclient/cabundle.cpp

The CA bundle can then be fed to cURL using CURLOPT_CAINFO:
https://github.com/kullo/client-httpclient-curl/blob/master/httpclient/httpclientimpl.cpp#L137

@t-money-g
Copy link

FYI for people just looking to get a quick and dirty requests over SSL should be able to do so by linking against libCURL (compiled with OpenSSL).
Just add it to your cmake lists and executable:
find_package(CURL)
include_directories(${CURL_INCLUDE_DIRS})
target_link_libraries(exe ${CURL_LIBRARY})

@rwebber
Copy link

rwebber commented Dec 5, 2016

is it currently possible to make connections via Oauth?

@dontsovcmc
Copy link

There are some options for SSL:

Not check SSL:

curl_easy_setopt(curl_, CURLOPT_SSL_VERIFYPEER, false); 
curl_easy_setopt(curl_, CURLOPT_SSL_VERIFYHOST, false); 

Self-signed serfiticate:

curl_easy_setopt(curl_,CURLOPT_SSLCERTTYPE,"DER");
curl_easy_setopt(curl_,CURLOPT_CAINFO, path_to_cert_.c_str());
curl_easy_setopt(curl_, CURLOPT_SSL_VERIFYPEER, true);
curl_easy_setopt(curl_, CURLOPT_SSL_VERIFYHOST, false);  

Signed sertificate:
curl_easy_setopt(curl_, CURLOPT_CAINFO, "keys/curl-ca-bundle.crt");

I't good to use public web servers for unit tests.
For SSL it's good https://badssl.com/
Common requests: https://httpbin.org/

@muggenhor
Copy link

I't good to use public web servers for unit tests.

I disagree: you want unit tests to be able to run without any external dependencies. Integration tests are a different story though. But even those you probably want to run against a server which configuration you control (.e.g one you spawn as part of the test run).

@flier flier mentioned this issue Jun 14, 2018
@EpiscopMoo
Copy link

Btw, couldn't find in the docs but there is a way to disable SSL checks without going down to libcurl calls.

cpr::Session session;
session.SetVerifySsl(false);
session.SetUrl(...);
auto response = session.Get();

Hope it helps someone!

@jginesclavero
Copy link

Btw, couldn't find in the docs but there is a way to disable SSL checks without going down to libcurl calls.

cpr::Session session;
session.SetVerifySsl(false);
session.SetUrl(...);
auto response = session.Get();

Hope it helps someone!

Thank you so much! Simple and effective!

@ppetraki
Copy link

What's the status of this? It looks like the CI has fallen behind. However the merge isn't all that big to begin with. What's holding this feature back from being merged into mainline?

@liyongping
Copy link

+1

1 similar comment
@TheMaverickProgrammer
Copy link

+1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.