Download
Browse source Changelog
Documentation
Project   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-users / Single Mail

curl-users

Re: A error log when used the curl command tool in embedded linux device

From: Ray Satiro via curl-users <curl-users_at_cool.haxx.se>
Date: Wed, 14 Dec 2016 02:49:33 -0500

On 12/13/2016 9:59 PM, 杨俊 wrote:
> 2. test it in my device, and it was NG.
> -----log -----------------
> /tmp # ./curl -v --cacert cacert-2016-11-02.pem https://curl.haxx.se
> * Rebuilt URL to: https://curl.haxx.se/
> * Trying 80.67.6.50...
> * TCP_NODELAY set
> * Connected to curl.haxx.se <http://curl.haxx.se> (80.67.6.50) port
> 443 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * Cipher selection:
> ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
> * successfully set certificate verify locations:
> * CAfile: cacert-2016-11-02.pem
> CApath: none
> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
> * TLSv1.2 (IN), TLS handshake, Server hello (2):
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> * TLSv1.2 (OUT), TLS alert, Server hello (2):
> * SSL certificate problem: unable to get local issuer certificate
> * Curl_http_done: called premature == 1
> * stopped the pause stream!
> * Closing connection 0
> curl: (60) SSL certificate problem: unable to get local issuer certificate
> ---------------------------------------
> my version
> ------------log-------------
> /tmp # ./curl -V
> curl 7.51.0 (arm-hisiv400-linux-gnueabi) libcurl/7.51.0 OpenSSL/1.1.0c
> nghttp2/1.17.0
> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
> rtsp smb smbs smtp smtps telnet tftp
> Features: IPv6 Largefile NTLM NTLM_WB SSL TLS-SRP HTTP2 UnixSockets
> /tmp #

that's interesting. can someone with libcurl/7.51.0 and OpenSSL/1.1.0c
try to connect to curl.haxx.se with cacert-2016-11-02.pem? I am still on
the 1.0.2 series.

>
> ​/tmp # ./openssl s_client -connect curl.haxx.se:443
> <http://curl.haxx.se:443> -CApath /tmp/cacert-2016-11-
> 02.pem
> CONNECTED(00000003)
> depth=0 CN = anja.haxx.se <http://anja.haxx.se>
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 CN = anja.haxx.se <http://anja.haxx.se>
> verify error:num=21:unable to verify the first certificate
> verify return:1
> ---
> Certificate chain
> 0 s:/CN=anja.haxx.se <http://anja.haxx.se>
> i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> i:/O=Digital Signature Trust Co./CN=DST Root CA X3
> ---
>
> Sorry for my stupid actions again. >"<
> Is this email etiquette?

As I mentioned you'll need -servername. Also you are using -CApath but
you should be using -CAfile. 'etiquette' is as it's described in the
link I gave you, you quote the relevant content and put your reply below
the quote.

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-users
FAQ: https://curl.haxx.se/docs/faq.html
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-12-14