Libcurl: How To Use TPM Private Key For Mutual SSL Authentication

Stefania Sholar

Jul 14, 2024, 11:13:04 AM
to whiremolo

I use the C libcurl library. I need to do OCSP stapling combined with mutual authentication. For that, I'll model it on the examples below. However, I need the private key of my client certificate to be stored in the TPM chip. Do you know how to do that, using tpm2-tss-engine? Thanks for your help.

I need some help to establish a communication channel to consume a webservice using SSLv3 with mutual authentication, libcurl and a smart card, which will store the client certificate, the key pair and will be responsible for signatures, encryptions, etc.

You cannot issue a request with a client certificate if you don't have the private key. In fact, the whole purpose of authentication with a client certificate is to prove that you have the secret information, i.e. the private key.

When I started I had a pkcs12 file (which contained a certificate, a private key, and CA certificate) for authentication, the endpoint address of the web service, and an xml file that should be used as input data to the web service.

In general, client authentication using the private_key_jwt method should be used by companies that need to use secure client authentication flows. This may be the case, for example, for businesses that must comply with the Financial-Grade API (FAPI) standards.

The following examples will go through how to use curl with authentication. For obvious reasons, public APIs do not require authentication but private APIs will require authentication using authorization headers with basic auth, a bearer token header using a JWT (Javascript Web Token) or some other API key, or with a public key X.509 certificate and corresponding private key.

Basic auth with curl sends the credentials base64 encoded in plain text, so it is recommended to use an alternate approach including bearer tokens and X.509 authentication with a certificate and private key.

HTTP is a clear-text protocol and it is normally secured via an SSL/TLS tunnel, resulting in HTTPS traffic. The use of this protocol ensures not only confidentiality, but also authentication. Servers are authenticated using digital certificates and it is also possible to use a client certificate for mutual authentication.

In mTLS (mutual-TLS), along with the server, the client's identity is also verified. The TLS handshake is utilized to validate the client's possession of the private key corresponding to the public key in the certificate and to validate the corresponding certificate chain.

CURLSETOPT(handle, option,option value[,more option values,...])

This function is called to define all the parameters and data required to carry out the particular request. The option argument is case-insensitive. The table below defining the options available contains the equivalent cURL option value used in the C/C++ interface. Not all of the Rexx/CURL option strings are the same as the C/C++ equivalents; I've tried to be more consistent and clearer with the name of the option. The C/C++ equivalents are there if you wish to read alternate definitions of these options. See the curl_easy_setopt() function documentation.

All options set with this function stay in effect until CURLCLEANUP is called or the option reset with another value.

Arguments:

handle: The value returned from CURLINIT.

option: This is the string identifying the option to set. Values with a grey background have been deprecated and should not be used.

Rexx/CURL option, description and cURL equivalent option:

ACCEPTENCODING (cURL equivalent: CURLOPT_ACCEPT_ENCODING)
Sets the contents of the Accept-Encoding: header sent in an HTTP request, and enables decoding of a response when a Content-Encoding: header is received.
  • "IDENTITY": Does nothing
  • "DEFLATE": requests the server to compress its response using the zlib algorithm
  • "GZIP": requests the gzip algorithm
If a zero-length string is set, then an Accept-Encoding: header containing all supported encodings is sent.
This is a request, not an order; the server may or may not do it. This option must be set (to any non-empty value) or else any unsolicited encoding done by the server is ignored. See the special cURL file lib/README.encoding for details.

ACCEPTTIMEOUTMS (cURL equivalent: CURLOPT_ACCEPT_TIMEOUTMS)
Not documented on cURL site.

ADDRESSSCOPE (cURL equivalent: CURLOPT_ADDRESS_SCOPE)
A number specifying the scope_id value to use when connecting to IPv6 link-local or site-local addresses.

APPEND (cURL equivalent: CURLOPT_APPEND)
Set this option to a 1 or Y to indicate that the remote file is to be appended to rather than replaced when an FTP upload is to be carried out.

BUFFERSIZE (cURL equivalent: CURLOPT_BUFFERSIZE)
Specify the size of the receive buffer to use.

CAINFO (cURL equivalent: CURLOPT_CAINFO)
The name of a file from which the SSL peer certificate data is read for the performed action. This file must exist.

CAPATH (cURL equivalent: CURLOPT_CAPATH)
The CAPATH directory used to validate the peer certificate. This option is used only if SSL_VERIFYPEER is true.

CERTINFO (cURL equivalent: CURLOPT_CERTINFO)
Set this option to a 1 or Y to enable libcurl's certificate chain info gatherer. With this enabled, libcurl (if built with OpenSSL) will extract lots of information and data about the certificates in the certificate chain used in the SSL connection. This data is then possible to extract after a transfer using CURLGETINFO and its option CERTINFO.

CLOSEPOLICY (cURL equivalent: CURLOPT_CLOSEPOLICY)
Specify the type of disconnection policy to use if the connection cache is filled. This is only applicable if you potentially use more than 5 concurrent connections. Can be one of "OLDEST", or "LEAST_RECENTLY_USED".

CONNECTONLY (cURL equivalent: CURLOPT_CONNECT_ONLY)
Set this option to a 1 or Y to tell the library to perform any required proxy authentication and connection setup, but no data transfer.

CONNECTTIMEOUT (cURL equivalent: CURLOPT_CONNECTTIMEOUT)
To limit the time it takes to connect to the server, set this value to the number of seconds.

CONNECTTIMEOUTMS (cURL equivalent: CURLOPT_CONNECTTIMEOUT_MS)
Like CONNECTTIMEOUT but takes number of milliseconds instead.

COOKIE (cURL equivalent: CURLOPT_COOKIE)
If you want to pass a cookie to the server, set this option to the cookie. The format of the cookie is: name=contents, where name is the name of the cookie to be set.

COOKIEFILE (cURL equivalent: CURLOPT_COOKIEFILE)
The name of a file from which cookie data is read for the performed action. The cookie file can contain Netscape/Mozilla formatted cookies, or regular HTTP header format. This file must exist.

COOKIEJAR (cURL equivalent: CURLOPT_COOKIEJAR)
The name of a file to which all known cookies are written after the operation completes.

COOKIELIST (cURL equivalent: CURLOPT_COOKIELIST)
Pass a string containing a cookie string. Cookie can be either in Netscape / Mozilla format or just regular HTTP-style header (Set-Cookie: ...) format. If cURL cookie engine was not enabled it will enable its cookie engine. Passing a magic string ALL will erase all cookies known by cURL.

COOKIESESSION (cURL equivalent: CURLOPT_COOKIESESSION)
Set this option to a 1 or Y to indicate that this operation is the start of a cookie session. Set this option to a 0 or N to indicate that this operation is the end of a cookie session.

CRLF (cURL equivalent: CURLOPT_CRLF)
Set this option to a 1 or Y to indicate that LF characters should be converted to CRLF on transfers.

CRLFILE (cURL equivalent: CURLOPT_CRLFILE)
Pass a string naming a file with the concatenation of CRL (in PEM format) to use in the certificate validation that occurs during the SSL exchange.
When curl is built to use NSS or GnuTLS, there is no way to influence the use of CRL passed to help in the verification process. When libcurl is built with OpenSSL support, X509_V_FLAG_CRL_CHECK and X509_V_FLAG_CRL_CHECK_ALL are both set, requiring CRL check against all the elements of the certificate chain if a CRL file is passed.
This option makes sense only when used in combination with the SSLVERIFYPEER option.

CUSTOMREQUEST (cURL equivalent: CURLOPT_CUSTOMREQUEST)
To carry out an HTTP request command other than GET or HEAD, pass the command in this option.

DIRLISTONLY (cURL equivalent: CURLOPT_DIRLISTONLY)
Set this option to a 1 or Y to indicate that only filenames are to be returned when the URL option specifies an FTP directory. Normally, file sizes, dates etc. are returned. This works for FTP and SFTP URLs.
This causes an FTP NLST command to be sent on an FTP server. Beware that some FTP servers list only files in their response to NLST; they might not include subdirectories and symbolic links.
Setting this option to 1 or Y also implies a directory listing even if the URL doesn't end with a slash, which otherwise is necessary. Do NOT use this option if you also use the WILDCARDMATCH option as it will effectively break that feature.

DNSCACHETIMEOUT (cURL equivalent: CURLOPT_DNS_CACHE_TIMEOUT)
This sets the timeout in seconds. Name resolves will be kept in memory for this number of seconds. Set to zero to completely disable caching, or set to -1 to make the cached entries remain forever. By default, libcurl caches info for 60 seconds.

DNSSERVERS (cURL equivalent: CURLOPT_DNS_SERVERS)
Set the list of DNS servers to be used instead of the system default. The format of the dns servers option is:
host[:port][,host[:port]]...
For example:
192.168.1.100,192.168.1.101,3.4.5.6
This option requires that libcurl was built with a resolver backend that supports this operation. The c-ares backend is the only such one. This can be determined by testing for !REXXCURL.!ARES being non-blank or !REXXCURL.!ARES_NUM not being zero.

DNSUSEGLOBALCACHE (cURL equivalent: CURLOPT_DNS_USE_GLOBAL_CACHE)
Set this option to a 1 or Y to use a global DNS cache that will last between operations.

EGDSOCKET (cURL equivalent: CURLOPT_EGDSOCKET)
The name of the Entropy Gathering Socket which is used to seed the SSL random engine.

ENCODING (Use: ACCEPTENCODING; cURL equivalent: CURLOPT_ENCODING)
Sets the contents of the Accept-Encoding: header sent in an HTTP request, and enables decoding of a response when a Content-Encoding: header is received.
  • "IDENTITY": Does nothing
  • "DEFLATE": requests the server to compress its response using the zlib algorithm
  • "GZIP": requests the gzip algorithm
If a zero-length string is set, then an Accept-Encoding: header containing all supported encodings is sent.
This is a request, not an order; the server may or may not do it. This option must be set (to any non-empty value) or else any unsolicited encoding done by the server is ignored. See the special cURL file lib/README.encoding for details.

ERRFILE (cURL equivalent: CURLOPT_STDERR)
The name of a file into which any error output from the performed action is written. By default, if this file exists, it will be over-written. You can pass APPEND as an extra argument to append data to an existing file.

FAILONERROR (cURL equivalent: CURLOPT_FAILONERROR)
Set this option to a 1 or Y to get cURL to fail, rather than return the page, if the HTTP return code is greater than or equal to 300.

FILETIME (cURL equivalent: CURLOPT_FILETIME)
Set this option to a 1 or Y to indicate that cURL should attempt to retrieve the modification date of the remote document. Not all servers will respond to this type of request. To retrieve the date, call CURLGETINFO with the FILE_TIME option.

FOLLOWLOCATION (cURL equivalent: CURLOPT_FOLLOWLOCATION)
Set this option to a 1 or Y to get cURL to follow any Location: headers in the specified site.

FORBIDREUSE (cURL equivalent: CURLOPT_FORBID_REUSE)
Set this option to a 1 or Y to get cURL to make the next transfer explicitly close the connection when done. Normally, libcurl keeps all connections alive when done with one transfer in case there comes a succeeding one that can re-use them. This option should be used with caution and only if you understand what it does. Set to 0 to have libcurl keep the connection open for possibly later re-use (default behavior).

FRESHCONNECT (cURL equivalent: CURLOPT_FRESH_CONNECT)
Set this option to a 1 or Y to indicate that the next transfer should use a new connection.

FTPALTERNATIVETOUSER (cURL equivalent: CURLOPT_FTP_ALTERNATIVE_TO_USER)
A string which will be used to authenticate if the usual FTP "USER user" and "PASS password" negotiation fails. This is currently only known to be required when connecting to Tumbleweed's Secure Transport FTPS server using client certificates for authentication.

FTPAPPEND (Use: APPEND; cURL equivalent: CURLOPT_FTPAPPEND)
Set this option to a 1 or Y to indicate that the remote file is to be appended to rather than replaced when an FTP upload is to be carried out.

FTPCMDS (cURL equivalent: CURLOPT_QUOTE)
Specify a stem containing FTP commands to be issued before an FTP session is started.

FTPCMDSAFTER (cURL equivalent: CURLOPT_POSTQUOTE)
A list of FTP commands to be executed after the URL is accessed. The list of commands is specified as a stem name; ie the supplied string must end in a period, and represent a valid Rexx array.

FTPCMDSBEFORE (cURL equivalent: CURLOPT_PREQUOTE)
A list of FTP commands to be executed before the URL is accessed. The list of commands is specified as a stem name; ie the supplied string must end in a period, and represent a valid Rexx array.

FTPCREATEMISSINGDIRS (cURL equivalent: CURLOPT_FTP_CREATE_MISSING_DIRS)
Set this option to one of the following string values to tell cURL to attempt to create any remote directory that it fails to CWD into.
  • "CREATE_DIR": libcurl will attempt to create any remote directory that it fails to CWD into. CWD is the command that changes working directory. This setting also applies to SFTP-connections. libcurl will attempt to create the remote directory if it can't obtain a handle to the target-location. The creation will fail if a file of the same name as the directory to create already exists or lack of permissions prevents creation.
  • "CREATE_DIR_RETRY": make libcurl retry the CWD command again if the subsequent MKD command fails. This is especially useful if you're doing many simultaneous connections against the same server and they all have this option enabled, as then CWD may first fail but then another connection does MKD before this connection and thus MKD fails but trying CWD works!

FTPCRLF (cURL equivalent: CURLOPT_CRLF)
See the preferred CRLF option.

FTPLISTONLY (Use: DIRLISTONLY; cURL equivalent: CURLOPT_FTPLISTONLY)
Set this option to a 1 or Y to indicate that only filenames are to be returned when the URL option specifies an FTP directory. Normally, file sizes, dates etc. are returned.

FTPPORT (cURL equivalent: CURLOPT_FTPPORT)
Set this option to a string to use as the parameter to the FTP PORT command. The parameter can be an IP address, a hostname, an interface name (under Unix), or '-' to use the client machine's default IP address.

FTPRESPONSETIMEOUT (cURL equivalent: CURLOPT_FTP_RESPONSE_TIMEOUT)
Causes cURL to set a timeout period (in seconds) on the amount of time that the server is allowed to take in order to generate a response message for a command before the session is considered hung. Note that while curl is waiting for a response, this value overrides "TIMEOUT". It is recommended that if used in conjunction with "TIMEOUT", you set "FTPRESPONSETIMEOUT" to a value smaller than "TIMEOUT".

FTPSKIPPASVIP (cURL equivalent: CURLOPT_FTP_SKIP_PASV_IP)
Set this option to a 1 or Y to instruct libcurl to not use the IP address the server suggests in its 227-response to libcurl's PASV command when libcurl connects the data connection. Instead libcurl will re-use the same IP address it already uses for the control connection. But it will use the port number from the 227-response.
This option has no effect if PORT, EPRT or EPSV is used instead of PASV.

FTPSSL (Use: USESSL; cURL equivalent: CURLOPT_FTP_SSL)
Set this option to one of the following string values to make libcurl use your desired level of SSL for the ftp transfer.
  • "NONE": Don't attempt to use SSL.
  • "TRY": Try using SSL, proceed as normal otherwise.
  • "CONTROL": Require SSL for the control connection or fail with FTP_SSL_FAILED.
  • "ALL": Require SSL for all communication or fail with FTP_SSL_FAILED.

FTPSSLAUTH (cURL equivalent: CURLOPT_FTPSSLAUTH)
Set this option to one of the following string values to alter how libcurl issues AUTH TLS or AUTH SSL when FTP over SSL is activated.
  • "DEFAULT": Allow libcurl to decide.
  • "SSL": Try "AUTH SSL" first, and only if that fails try "AUTH TLS".
  • "TLS": Try "AUTH TLS" first, and only if that fails try "AUTH SSL".

FTPSSLCCC (cURL equivalent: CURLOPT_FTP_SSL_CCC)
If enabled, this option makes cURL use CCC (Clear Command Channel). It shuts down the SSL/TLS layer after authenticating. The rest of the control channel communication will be unencrypted. This allows NAT routers to follow the FTP transaction. Pass one of the values below.
  • "NONE": Don't attempt to use CCC.
  • "PASSIVE": Do not initiate the shutdown, but wait for the server to do it. Do not send a reply.
  • "ACTIVE": Initiate the shutdown and wait for a reply.

FTPUSEEPSV (cURL equivalent: CURLOPT_FTP_USE_EPSV)
Set this option to a 1 or Y to tell cURL to use the EPSV command when doing passive FTP downloads (which it always does by default). Using EPSV means that it will first attempt to use EPSV before using PASV, but if you pass 0 or N to this option, it will not try using EPSV, only plain PASV.

FTPUSEEPRET (cURL equivalent: CURLOPT_FTP_USE_PRET)
Set this option to a 1 or Y to tell cURL to use the PRET (and LPRT) command when doing active FTP downloads (which is enabled by "FTPPORT"). Using EPRT means that it will first attempt to use EPRT and then LPRT before using PORT, but if you pass 0 to this option, it will not try using PRET or LPRT, only plain PORT.

GSSAPIDELEGATION (cURL equivalent: CURLOPT_GSSAPI_DELEGATION)
Set the extra parameter to one of the following:
  • "FLAG": Allow unconditional GSSAPI credential delegation.
  • "POLICY_FLAG": Delegate only if the OK-AS-DELEGATE flag is set in the service ticket in case this feature is supported by the GSSAPI implementation and the definition of GSS_C_DELEG_POLICY_FLAG was available at compile-time of libcurl.
  • "NONE": Disable delegation. This is the default setting.

HEADER (cURL equivalent: CURLOPT_HEADER)
Set this option to a 1 or Y to get cURL to return header information for those protocols, like HTTP, that have separate headers and footers.

HEADERFILE (cURL equivalent: CURLOPT_WRITEHEADER, CURLOPT_HEADERDATA)
The name of a file into which headers from the performed action are written. By default, if this file exists, it will be over-written. You can pass APPEND as an extra argument to append data to an existing file.

HEADERSTEM (cURL equivalent: CURLOPT_WRITEHEADER)
Specify the stem variable of an array into which any headers from the performed action are written. If the array exists, it will be over-written. Where possible, each entry in the array will contain a single line.

HTTP200ALIASES (cURL equivalent: CURLOPT_HTTP200ALIASES)
Specify a stem containing a list of aliases to be treated as valid HTTP 200 responses. Some servers respond with a custom header response line. For example, IceCast servers respond with "ICY 200 OK". By including this string in your list of aliases, the response will be treated as a valid HTTP header line such as "HTTP/1.0 200 OK".

HTTPAUTH (cURL equivalent: CURLOPT_HTTPAUTH)
Pass one or more of the following string values as separate arguments. These options tell cURL which HTTP authentication options to attempt from the list.
  • "BASIC": HTTP Basic authentication. This is the default choice, and the only method that is in wide-spread use and supported virtually everywhere. This is sending the user name and password over the network in plain text, easily captured by others.
  • "DIGEST": HTTP Digest authentication. Digest authentication is defined in RFC2617 and is a more secure way to do authentication over public networks than the regular old-fashioned Basic method.
  • "GSSNEGOTIATE": HTTP GSS-Negotiate authentication. The GSS-Negotiate (also known as plain "Negotiate") method was designed by Microsoft and is used in their web applications. It is primarily meant as a support for Kerberos5 authentication but may also be used along with other authentication methods. For more information see IETF draft draft-brezak-spnego-http-04.txt.
  • "NTLM": HTTP NTLM authentication. A proprietary protocol invented and used by Microsoft. It uses a challenge-response and hash concept similar to Digest, to prevent the password from being eavesdropped.
  • "ANY": This is a convenience macro that sets all bits and thus makes libcurl pick any it finds suitable. libcurl will automatically select the one it finds most secure.
  • "ANYSAFE": This is a convenience macro that sets all bits except Basic and thus makes libcurl pick any it finds suitable. libcurl will automatically select the one it finds most secure.
  • All of the above values with "AUTH_" prefix are now deprecated.

HTTPCONTENTDECODING (cURL equivalent: CURLOPT_HTTP_CONTENT_DECODING)
Set this option to tell cURL how to act on content decoding. If set to 0 or N, content decoding will be disabled. If set to 1 or Y it is enabled. Note however that cURL has no default content decoding but requires you to use ENCODING for that.

HTTPGET (cURL equivalent: CURLOPT_HTTPGET)
Set this option to a 1 or Y to get cURL to return to HTTP GET mode. Really only useful if a POST was set with the same connection handle.

HTTPHEADER (cURL equivalent: CURLOPT_HTTPHEADER)
To pass a series of HTTP headers to the server, set this option to a valid Rexx stem. Any headers included in this option, that would have normally been generated internally by cURL, will be replaced.

HTTPPOST (cURL equivalent: CURLOPT_POST)
Set this option to a 1 or Y to indicate that a regular (application/x-www-form-urlencoded) HTTP POST is to be carried out. Most HTTP forms are of this type. See HTTPPOSTFIELDS option for details on how to specify the content of the form fields.

HTTPPOSTDATA (cURL equivalent: CURLOPT_HTTPPOST)
Setting this option indicates that you wish to issue a multipart/formdata HTTP POST. You pass the data that is posted as a valid Rexx stem.

HTTPPOSTFIELDS (cURL equivalent: CURLOPT_POSTFIELDS, CURLOPT_POSTFIELDSIZE)
Specify the content of the fields to be filled in with a HTTPPOST. The passed parameter is a Rexx array, with each item in the array a name/value pair. eg field.1 = 'email=ma...@rexx.org' and field.0 is the number items in the array.

HTTPPOSTFORM (cURL equivalent: CURLOPT_HTTPPOST)
Setting this option indicates that the HTTP form data specified with CURLFORMADD is to be posted. No data is passed with this option.

HTTPPROXYTUNNEL (cURL equivalent: CURLOPT_HTTPPROXYTUNNEL)
Set this option to a 1 or Y to tunnel all non-http operations through the HTTP proxy.

HTTPPUT (cURL equivalent: CURLOPT_PUT)
Set this option to a 1 or Y to indicate that a HTTP PUT command is issued for the URL. The file to be uploaded must be specified with INFILE.

HTTPTRANSFERDECODING (cURL equivalent: CURLOPT_HTTP_TRANSFER_DECODING)
Set this option to tell cURL how to act on transfer decoding. If set to 0 or N, transfer decoding will be disabled. If set to 1 or Y it is enabled (default). cURL does chunked transfer decoding by default unless this option is set to zero.

HTTPVERSION (cURL equivalent: CURLOPT_HTTP_VERSION)
Set this option to "VERSION_NONE", "VERSION_1_0" or "VERSION_1_1" to specify the version to be used in HTTP requests.

IGNORECONTENTLENGTH (cURL equivalent: CURLOPT_IGNORE_CONTENT_LENGTH)
Ignore the Content-Length header. This is useful for Apache 1.x (and similar servers) which will report incorrect content length for files over 2 gigabytes. If this option is used, curl will not be able to accurately report progress, and will simply stop the download when the server ends the connection.

INFILE (cURL equivalent: CURLOPT_INFILE, CURLOPT_READDATA)
The name of a file from which data is read for the performed action. This file must exist. For ftp uploads, this is the file to upload.

INSTEM (cURL equivalent: CURLOPT_INFILE, CURLOPT_READDATA)
Specify the stem variable of an array from which any input for the performed action is read. You can pass an extra argument specifying a character or sequence of characters to be appended to the value of the variable. This is useful for supplying text files via a stem. In Regina you could specify .endofline.

INTERFACE (cURL equivalent: CURLOPT_INTERFACE)
To specify an outgoing interface other than the default, pass the interface in this option. The interface can be specified as an IP address, a hostname, or an interface name (under Unix).

IPRESOLVE (cURL equivalent: CURLOPT_IPRESOLVE)
Allows an application to select what kind of IP addresses to use when resolving host names. This is only interesting when using host names that resolve addresses using more than one version of IP. The allowed values are:
  • "WHATEVER": Default, resolves addresses to all IP versions that your system allows.
  • "V4": Resolve to ipv4 addresses.
  • "V6": Resolve to ipv6 addresses.
  • All of the above values with "IPRESOLVE_" prefix are now deprecated.

ISSUERCERT (cURL equivalent: CURLOPT_ISSUERCERT)
Pass a string naming a file holding a CA certificate in PEM format. If the option is set, an additional check against the peer certificate is performed to verify the issuer is indeed the one associated with the certificate provided by the option. This additional check is useful in multi-level PKI where one needs to enforce that the peer certificate is from a specific branch of the tree. This option makes sense only when used in combination with the SSLVERIFYPEER option. Otherwise, the result of the check is not considered as failure.

KEYPASSWD (cURL equivalent: CURLOPT_KEYPASSWD)
Pass a string to be used as the password to use the SSLKEY or SSHPRIVATEKEYFILE private key. You never needed a pass phrase to load a certificate but you need one to load your private key.

KRB4LEVEL (Use: KRBLEVEL; cURL equivalent: CURLOPT_KRB4LEVEL)
Set the krb4 security level, this also enables krb4 awareness. This is a string, "clear", "safe", "confidential" or "private". If the string is set but doesn't match one of these, "private" will be used. Pass the empty string to disable kerberos4. The kerberos support only works for FTP.

KRBLEVEL (cURL equivalent: CURLOPT_KRBLEVEL)
Set the kerberos security level for FTP; this also enables kerberos awareness. This is a string, "clear", "safe", "confidential" or "private". If the string is set but doesn't match one of these, "private" will be used. Pass the empty string to disable kerberos.

LOCALPORT (cURL equivalent: CURLOPT_LOCALPORT)
Sets the local port number of the socket used for connection. This can be used in combination with the INTERFACE option and you are recommended to use LOCALPORTRANGE option as well when this is set. Note that port numbers are only valid 1 - 65535.

LOCALPORTRANGE (cURL equivalent: CURLOPT_LOCALPORTRANGE)
This is the number of attempts libcurl should do to find a working local port number. It starts with the given LOCALPORT option and adds one to the number for each retry. Setting this value to 1 or below will make libcurl do only one try for exact port number. Note that port numbers by nature are a scarce resource that will be busy at times so setting this value to something too low might cause unnecessary connection setup failures.

LOWSPEEDLIMIT (cURL equivalent: CURLOPT_LOW_SPEED_LIMIT)
This option should contain a number representing the bytes per second that cURL will use as the lowest transfer rate to run at before it aborts the session as being too slow.

LOWSPEEDTIME (cURL equivalent: CURLOPT_LOW_SPEED_TIME)
This option should contain a number representing the number of seconds that cURL will use as the lowest transfer time to run for before it aborts the session as being too slow.

MAILAUTH (cURL equivalent: CURLOPT_MAIL_AUTH)
Pass a string to specify the authentication address (identity) of a submitted message that is being relayed to another server.
This optional parameter allows co-operating agents in a trusted environment to communicate the authentication of individual messages and should only be used by the application program, using libcurl, if the application is itself a mail server acting in such an environment. If the application is operating as such and the AUTH address is not known or is invalid, then an empty string should be used for this parameter. Unlike MAILFROM and MAILRCPT options, the address should not be specified within a pair of angled brackets (<>). However, if an empty string is used then a pair of brackets will be sent by libcurl as required by RFC-2554.

MAILFROM (cURL equivalent: CURLOPT_MAIL_FROM)
Pass a string to specify the sender's email address when sending SMTP mail. An originator email address should be specified with angled brackets (<>) around it, which if not specified, will be added by libcurl from version 7.21.4 onwards. Failing to provide such brackets may cause the server to reject the email. If this parameter is not specified then an empty address will be sent to the mail server which may or may not cause the email to be rejected.

MAILRCPT (cURL equivalent: CURLOPT_MAIL_RCPT)
Specify a stem with a list of recipients to pass to the server in your SMTP mail request. Each recipient should be specified within a pair of angled brackets (<>), however, should you not use an angled bracket as the first character libcurl will assume you provided a single email address and enclose that address within brackets for you.

MAXCONNECTS (cURL equivalent: CURLOPT_MAXCONNECTS)
You can specify how many persistent connections cURL is to maintain. The default is 5 and unless you know what you are doing leave it alone.

MAXFILESIZE
This allows you to specify the maximum size (in bytes) of a file to download. If the file request