CCurlCertificates manages custom SSL/TLS certificate loading for CURL-based HTTP connections. It loads PEM certificate files into memory and injects them into the OpenSSL context when CURL establishes an HTTPS connection.
This is used when the system certificate store is insufficient or unavailable — for example, when shipping a custom cacert.pem bundle with the game client.
Header: nel/web/curl_certificates.h
#include <nel/web/curl_certificates.h>
// Load a PEM certificate bundle (typically done once at startup)
NLWEB::CCurlCertificates::addCertificateFile("cacert.pem");
// Later, when setting up a CURL handle:
CURL *curl = curl_easy_init();
NLWEB::CCurlCertificates::useCertificates(curl);
// ... use curl normally ...
| Method | Description |
|---|---|
addCertificateFile(cert) |
Load X.509 certificates from a PEM file into memory. Can be called multiple times to load additional certificates. |
useCertificates(curl) |
Register an SSL context callback on the given CURL handle that injects all loaded certificates into the OpenSSL certificate store. |
addCertificateFile reads the PEM file, parses each certificate using OpenSSL's PEM_read_bio_X509, and stores them in an in-memory list.useCertificates sets CURLOPT_SSL_CTX_FUNCTION on the CURL handle to a callback that adds all loaded certificates to the SSL context's certificate store via X509_STORE_add_cert.The Ryzom client loads a custom certificate bundle from the CurlCABundle config variable:
if (!ClientCfg.CurlCABundle.empty())
{
NLWEB::CCurlCertificates::addCertificateFile(ClientCfg.CurlCABundle);
}
This is applied to CURL handles used by the in-game web browser and the login system.