cURL / Mailing Lists / curl-users / Single Mail


Verify incomplete chain

From: Jan Prachar <>
Date: Wed, 13 Apr 2016 15:01:15 +0200


I can't figure out the following problem. Maybe some of you could help me
to understand it.

if I compile curl with OpenSSL
./configure --with-ca-path=/etc/ssl/certs
--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt --with-ssl

and then run
curl -v

I get error that certificate verification failed (unable to get local
issuer certificate) as expected.

But I compile curl with gnutls
./configure --with-ca-path=/etc/ssl/certs
--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt --without-ssl

And then try the same URL, the server certificate is verified. How it is
possible? I checked that the missing CA certificate isn't downloaded
according to AIA extension. Could be there a bug in gnutls library? (I have
version 3.4.10).

Thanks for help!


List admin:
Received on 2016-04-13