How to use TLS client certificates with HTTP.jl

bluesmoon · June 3, 2020, 2:55am

How do I connect to a HTTPS server that requires client certificates using HTTP.jl?

I can do this with LibCURL.jl with the following options:

    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1)   # Verify the peer's SSL cert
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2)   # Verify the server's Common Name
    curl_easy_setopt(curl, CURLOPT_SSLVERSION, 7<<16)   # Try highest version up to TLS 1.3

    curl_easy_setopt(curl, CURLOPT_SSLCERT, certpath)   # Set the client cert path
    curl_easy_setopt(curl, CURLOPT_SSLKEY, keypath)     # Set the client cert private key path

    curl_easy_setopt(curl, CURLOPT_CAINFO, cacertpath)  # Set a CA cert path

I get various Garbage Collection related segfaults when using LibCURL.jl, so I’m looking into using HTTP.jl instead, however I cannot figure out from the docs how I’d set these TLS options.

Any help appreciated.

schlichtanders · February 24, 2023, 12:07pm

@bluesmoon have you found a solution back then?

bluesmoon · February 24, 2023, 1:27pm

No. I ended up making a higher level wrapper around LibCURL and using that. Much more versatile, even allows parallel downloads.

Figured out the GC issues were due to the order of command execution.

bluesmoon · September 29, 2023, 4:17pm

If it still matters to you, I ended up releasing our fix as a new package: GitHub - bluesmoon/CurlHTTP.jl: CurlHTTP is a wrapper around LibCURL that provides a more Julia like interface to doing HTTP via Curl.