Certificate Chain Validation explicit “cipher-suite” specification and “curl_loader”

If the “curl_loader” tool is used to load test a website that is available through HTTPS (TLS / SSL) and if certificate chain verification is required then you would need to update the source and recompile. Note that curl_loader utilizes libcurl that generally is powered by OpenSSL API. In steps:

  1. Open the loader.c file
  2. Search for “SSL_VERIFY_PEER” in loader.c file
  3. Replace and add the following code:

    ----
    curl_easy_setopt (handle, CURLOPT_SSL_VERIFYPEER, 1);
    curl_easy_setopt (handle, CURLOPT_SSL_VERIFYHOST, 2);
    // this is the location of the foile that holds the CA certificate that would be trusted by the underlying curl protocol stack
    curl_easy_setopt (handle, CURLOPT_CAINFO, "chain.pem");
    // Specify the cipher-suite as an environment variable.
    char *cipherString = getenv("CIPHER_STRING");
    curl_easy_setopt (handle, CURLOPT_SSL_CIPHER_LIST, cipherString);

And that is it.

Leave a Reply

Your email address will not be published. Required fields are marked *

     

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">