Hi,
When I use curl with crlfile, I got following error.
What does it mean "unable to get certificate CRL"?
Is it trying to get CRL from server cert or CA cert? If yes, why do
that? (I already specified the CRL file)

curl --capath ca https://10.155.60.222 -v --crlfile crl.pem
* About to connect() to 10.155.60.222 port 443 (#0)
* Trying 10.155.60.222...
* connected
* Connected to 10.155.60.222 (10.155.60.222) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
  CApath: ca
* successfully load CRL file:
* CRLfile: crl.pem
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get certificate CRL
* Closing connection #0
curl: (60) SSL certificate problem: unable to get certificate CRL
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-03-28