Hi,

I can explain the behaviour.

Within the PolarSSL patch in cURL, there is a call to
ssl_get_verify_result(), where the result of the certification
validation is retrieved.

In case of a self-signed certificate, where the CA certificate is not
passed to the library as trusted, PolarSSL will return BADCERT_NOT_TRUSTED.

So it depends on the interpretation of the results of the call here.

If anybody can suggest a better way of handling it (either in the patch
or in PolarSSL) please let me know!

Best regards,
Paul Bakker

On Wed, 21 Jul 2010, dharmesh desai wrote:

> Is polar ssl is not working with self signed certificate generated by
> openssl?

Questions about PolarSSL might be better directed to the PolarSSL
developers rather than here.

The PolarSSL support in curl is very recent and I expect that we don't
have that many users nor developers who are used to using that. I for
example have only tried out some basic operations using it.

> Please give some solutions if anybody has done any exercise with
polarssl with curl.

As you say the same thing works with OpenSSL then I would say it is a
bug/issue, so the question is then if the problem is within libcurl or
within PolarSSL. I assume only some proper debugging can provide the
answers...
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2010-07-25