>> I set up a https webserver with a keystore generated using keytool . When
>> i tried to get a web page through libcurl it is returning error code 60.
>> if CURLOPT_VERIFY_SSLPEER option is set false I am able to get the page .
>> But when I set it to TRUE and gave CURLOPT_CAINFO as the cacert.pem which
>> I used for generating the keystore. But still it is giving error code 60.
>
> It means that either that cert can't be verified by your CA cert or that
> the host name in the server's cert doesn't match the host name you access
> with libcurl.
recently I felt on this error (i.e CURLE_SSL_CACERT), the problem is that
OMHO it encompasses too many cases: missing or invalid cert file, good file
but no possible validation of server certificate...
would it be acceptable to split this error into two or three smaller ones:
it's not easy at all for a user to understand the real cause because of this
mix. so there would be for example:
CURLE_SSL_CACERT_MISSING: missing CACERT file
CURLE_SSL_CACERT_INVALID: file present but invalid
CURLE_SSL_CACERT: target SSL certificate not acceptable

Regards
Armel
Received on 2006-10-08