cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: SSL on windows question!

From: Wei Weng <wweng_at_kencast.com>
Date: Thu, 25 May 2006 14:17:38 -0400

Daniel Stenberg wrote:
> On Wed, 24 May 2006, Wei Weng wrote:
>
>> I tried to do
>>
>> curl_easy_setopt(m_conn, CURLOPT_SSL_VERIFYPEER, 1);
>> curl_easy_setopt(m_conn, CURLOPT_CAINFO, "D:\\Temp\\bundle.crt");
>>
>> But I always gets this error message:
>>
>> problem with the SSL CA cert (path? access rights?)
>>
>> (Translated from error code returned from curl_easy_perform)
>
> Does a VERBOSE output reveal any further hints?
>
> I believe that error description is a bit misleading. CURLE_SSL_CACERT
> is returned from two places (assuming you use OpenSSL) and both occur
> when a verifying of the peer fails. Thus, the cert is most likely
> possible to read but it just can't verify the peer's certificate.
>
The binary (curl.exe and assorted SSL libraries) that I use is
http://my.guardpuppy.com/libcurl-7.15.1-msvc-win32-ssl-0.9.8a-zlib-1.2.3.zip.

The command line I used is:

curl.exe https://192.168.1.155:11112/admin/vim.rpm --cacert bundle.crt
--verbose -o vim.rpm

And the output I get is:

* About to connect() to 192.168.1.155 port 11112
* Trying 192.168.1.155... connected
* Connected to 192.168.1.155 (192.168.1.155) port 11112
* successfully set certificate verify locations:
* CAfile: bundle.crt
  CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS alert, Server hello (2):
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify fai
d
* Closing connection #0

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify fai
d
More details here: http://curl.haxx.se/docs/sslcerts.html

The bundle.crt is just ca-bundle.crt file I copied and renamed from the
source.

The size of that file is 238102.

Any ideas?

Thanks

Wei
Received on 2006-05-25