cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Configure option --with-ca-path does not work

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Wed, 28 Aug 2013 14:31:10 +0200

On Wednesday 28 August 2013 13:06:02 Andriy Yurchuk wrote:
> Hi!
>
> I am trying to build curl on OpenIndiana. The configure string I pass is
> the following: CC=/usr/gcc/4.3/bin/gcc ./configure
> --with-ca-path=/etc/certs/CA --prefix=/home/oi/curl7320 Installation
> finishes successfully but then if try to fetch an SSL-enabled website I
> get the following:
>
> oi@openindiana:~$ ~/curl7320/bin/curl -L https://google.com
> curl: (60) SSL certificate problem: unable to get local issuer certificate
> More details here: http://curl.haxx.se/docs/sslcerts.html
>
> curl performs SSL certificate verification by default, using a "bundle"
> of Certificate Authority (CA) public keys (CA certs). If the default
> bundle file isn't adequate, you can specify an alternate file
> using the --cacert option.
> If this HTTPS server uses a certificate signed by a CA represented in
> the bundle, the certificate verification probably failed due to a
> problem with the certificate (it might be expired, or the name might
> not match the domain name in the URL).
> If you'd like to turn off curl's verification of the certificate, use
> the -k (or --insecure) option.
>
> I investigated the issue further and did the following:
>
> oi_at_openindiana:~$ cat /etc/certs/CA/*.pem > bundle.pem
> oi@openindiana:~$ ~/curl7320/bin/curl --cacert oi.pem -L https://google.com
>
> And this time it worked.
> So did I misunderstand the --with-ca-path option? I thought it should be
> the directory where all the CA certificates reside and curl can use it I
> don't have a CA bundle. But in my case curl refuses to get the CA
> certificates from that directory, though it works fine if I create a
> bundle of those same CA certificates.

Does it work if you pass the _directory_ to the --capath option of curl?
What does curl --version say?

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-08-28

This message: [ Message body ]
Next message: Andriy Yurchuk: "Re: Configure option --with-ca-path does not work"
Previous message: Mar�a Calzada P�rez: "Donwloading urls with similar names"
In reply to: Andriy Yurchuk: "Configure option --with-ca-path does not work"
Next in thread: Andriy Yurchuk: "Re: Configure option --with-ca-path does not work"
Reply: Andriy Yurchuk: "Re: Configure option --with-ca-path does not work"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]