rcurlssl-certificatelibcurlhttr

Indicate several curl options via httr::config(ssl_options = c(LIST OF SEVERAL CURLSSLOPT_) )

How to pass several libcurl options via httr::config(ssl_options = ...), please ?

My primary goal is to indicate these 2 arguments : CURLSSLOPT_AUTO_CLIENT_CERT and CURLSSLOPT_NATIVE_CA, in order to rely on the schannel default behavior for establishing a ssl double-auth.

Thanks a lot for any tips and advices.

✅ For example the following will enable schannel correctly and ssl try to rely on local client-cert' :

urll = "https://www.google.com"
    
response <- httr::GET(
        urll,
        httr::config(use_ssl = T ,followlocation = T
             ,  ssl_options = c("CURLSSLOPT_AUTO_CLIENT_CERT"=32)
                , verbose = T ) )

According to the log, the session is able to use client-certificate (i.e. logs indicate that * schannel: enabled automatic use of client certificate)

But I can't figure out how I'm supposed to pass several "ssl_options" ?

❌ The here-after example will result in an error :

         response <- httr::GET(
                urll,
                httr::config(use_ssl = T ,followlocation = T
                     ,  ssl_options = c("CURLSSLOPT_AUTO_CLIENT_CERT"=32 
                                      , "CURLSSLOPT_NATIVE_CA" = 16)  
                        , verbose = T ) )

    Error: curl::handle_setopt(handle, .list = req$options) : 
      Value for option ssl_options (216) must be a number.

Any way to indicate to libcurl several "ssl_options" with httr::config(ssl_options = [??]) ?

Solution

  • According to

    httr::curl_docs("ssl_options")
#> Please point your browser to the following url:
#> http://curl.haxx.se/libcurl/c/CURLOPT_SSL_OPTIONS.html

    it's a bitmask, you could try bitwOr()or simply adding relevant symbols -

    curl::curl_symbols("CURLSSLOPT_")
#>                               name introduced deprecated removed value type
#> 1005        CURLSSLOPT_ALLOW_BEAST     7.25.0       <NA>    <NA>     1 <NA>
#> 1006   CURLSSLOPT_AUTO_CLIENT_CERT     7.77.0       <NA>    <NA>    32 <NA>
#> 1007          CURLSSLOPT_NATIVE_CA     7.71.0       <NA>    <NA>    16 <NA>
#> 1008    CURLSSLOPT_NO_PARTIALCHAIN     7.68.0       <NA>    <NA>     4 <NA>
#> 1009          CURLSSLOPT_NO_REVOKE     7.44.0       <NA>    <NA>     2 <NA>
#> 1010 CURLSSLOPT_REVOKE_BEST_EFFORT     7.70.0       <NA>    <NA>     8 <NA>

    - to set bits:

    httr_cfg <- 
  httr::config(
    use_ssl = TRUE,
    followlocation = TRUE,
    verbose = TRUE,
    ssl_options = 
      curl::curl_symbols("CURLSSLOPT_AUTO_CLIENT_CERT")$value +
      curl::curl_symbols("CURLSSLOPT_NATIVE_CA")$value
  )

httr_cfg
#> <request>
#> Options:
#> * use_ssl: TRUE
#> * followlocation: TRUE
#> * verbose: TRUE
#> * ssl_options: 48

urll = "https://www.google.com"
response <- httr::GET(urll, httr_cfg)

    Created on 2024-12-11 with reprex v2.1.1