cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: SSL on windows question!

From: Wei Weng <wweng_at_kencast.com>
Date: Wed, 24 May 2006 19:06:25 -0400

Daniel Stenberg wrote:
> On Wed, 24 May 2006, Wei Weng wrote:
>
>> I tried to do
>>
>> curl_easy_setopt(m_conn, CURLOPT_SSL_VERIFYPEER, 1);
>> curl_easy_setopt(m_conn, CURLOPT_CAINFO, "D:\\Temp\\bundle.crt");
>>
>> But I always gets this error message:
>>
>> problem with the SSL CA cert (path? access rights?)
>>
>> (Translated from error code returned from curl_easy_perform)
>
> Does a VERBOSE output reveal any further hints?
>
> I believe that error description is a bit misleading. CURLE_SSL_CACERT
> is returned from two places (assuming you use OpenSSL) and both occur
> when a verifying of the peer fails. Thus, the cert is most likely
> possible to read but it just can't verify the peer's certificate.
>
I am running windows and all of my debug output is captured by debug
monitor.(dbmon utility downloaded from sysinternal.com) I can check the
verbose output on linux tomorrow though.

Ok I don't really care about verifying peers for now. So I did the
following:

    curl_easy_setopt(m_conn, CURLOPT_SSL_VERIFYPEER, 0);
    curl_easy_setopt(m_conn, CURLOPT_CAINFO, NULL);
    curl_easy_setopt(m_conn, CURLOPT_CAPATH, NULL);

In the instructions/manpage, this should be sufficient to disable the
verifying peer process. But I still get this error:

SSL peer certificate was not ok.

Any clues?

Thanks

Wei
Received on 2006-05-25