cURL / Mailing Lists / curl-library / Single Mail


RE: 'unable to use client certificate...' is inconsistent across executables

From: Cary Fitzhugh <>
Date: Mon, 5 Mar 2007 17:02:55 -0500

Sorry all - there is no problem. Some obscure makefile issue prevented
that particular file from recompiling.

Causing my utter confusion.



Cary FitzHugh



From: Cary Fitzhugh
Sent: Monday, March 05, 2007 2:08 PM
Cc: Cary Fitzhugh
Subject: 'unable to use client certificate...' is inconsistent across




I have a product which is trying to use curl to get/post etc to an https

I was unable to get it to work - the error is:


* About to connect() to localhost port 8010 (#0)

* Trying * connected

* Connected to localhost ( port 8010 (#0)

* unable to use client certificate (no key found or wrong pass phrase?)

* Closing connection #0

* problem with the local SSL certificate


Now, if I curl from the command line, it works.

Curl -k -E ../opt/config/device.pem https://localhost:8010/device/abc


So I figured it was something in my setup of libcurl.

To test that I modified the simplessl.c file and it's contents are at
the end of this email.


My problem now becomes more difficult because the simplessl-mutant works

When I spliced that code directly into my product, my product still
fails with the error above about being unable to use the client


They use the same .pem and .crt files, and have the same relative paths
to the files.

The two executables run on the same machine under cygwin.

As far as I can tell there are no ssl or curl calls before my spliced-in


Any ideas what would cause two executables with the same parameters to
allow a certificate in one place and not in another?


Thanks for any suggestions...

Cary FitzHugh



**** SimpleSSL.c - Mutant ****

int main(int argc, char **argv)


   CURL *curl;

   CURLcode res;



   const char *pCertFile = argv[1];

   const char *pCACertFile= argv[2];


   const char *pKeyName;

   const char *pKeyType;




   curl = curl_easy_init();

   if(curl) {

     printf("pem file: %s\nCAFile: %s\n", argv[1], argv[2]);


     curl_easy_setopt(curl, CURLOPT_URL, argv[3]);

     curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);






     curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);


     res = curl_easy_perform(curl);







   return 0;

Received on 2007-03-05