I want to use gSOAP to connect the HTTPS web services, what i found about how to it using gSOAP is to call soap_ssl_client_context() first, the example i found from here is
if (soap_ssl_client_context(
&soap, //1
SOAP_SSL_DEFAULT, //2
"client.pem", //3 /* keyfile: required only when client must authenticate to server (see SSL docs on how to obtain this file) */
"password", //4 /* password to read the key file (not used with GNUTLS) */
"cacerts.pem", //5 /* cacert file to store trusted certificates (needed to verify server) */
NULL, //6 /* capath to directory with trusted certificates */
NULL //7 /* if randfile!=NULL: use a file with random data to seed randomness */
))
{
soap_print_fault(&soap, stderr);
exit(1);
}
But i cannot find any documentation about the details of parameters. My questions are:
the 5th parameter, it says it should be a "cacert file". All the samples are using PEM format, does it support other formats like DER/PKCS? Or only PEM? I tried to use a DER file, it generated cannot read CA cert file error.
the 6th one, it says it should be a "capath to directory", but how it works? E.g. all the files in that directory MUST be certificate files? It will iterate every certificate files in the directory until the validation successes?
----------------Update---------------
About the #1 question, i checked the source code in gSoap and OpenSSL, found that it use the PEM (x.509) function to load the certfile.
soap_init()
{
//...
soap->fsslauth = ssl_auth_init;
//...
}
soap_ssl_client_context()
{
//...
soap->cafile = cafile;
//...
return soap->fsslauth(soap);
}
ssl_auth_init()
{
//...
SSL_CTX_set_client_CA_list(soap->ctx, SSL_load_client_CA_file(soap->cafile));
//...
}
SSL_load_client_CA_file
{
//...
if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
//...
}
Thanks a lot,
Aidy
