Certificate Chain Validation explicit “cipher-suite” specification and “curl_loader”

If the “curl_loader” tool is used to load test a website that is available through HTTPS (TLS / SSL) and if certificate chain verification is required then you would need to update the source and recompile. Note that curl_loader utilizes libcurl that generally is powered by OpenSSL API. In steps:

  1. Open the loader.c file
  2. Search for “SSL_VERIFY_PEER” in loader.c file
  3. Replace and add the following code:

    ----
    curl_easy_setopt (handle, CURLOPT_SSL_VERIFYPEER, 1);
    curl_easy_setopt (handle, CURLOPT_SSL_VERIFYHOST, 2);
    // this is the location of the foile that holds the CA certificate that would be trusted by the underlying curl protocol stack
    curl_easy_setopt (handle, CURLOPT_CAINFO, "chain.pem");
    // Specify the cipher-suite as an environment variable.
    char *cipherString = getenv("CIPHER_STRING");
    curl_easy_setopt (handle, CURLOPT_SSL_CIPHER_LIST, cipherString);

And that is it.