RE: 'unable to use client certificate...' is inconsistent across executables
Date: Mon, 5 Mar 2007 17:02:55 -0500
Sorry all - there is no problem. Some obscure makefile issue prevented
that particular file from recompiling.
Causing my utter confusion.
From: Cary Fitzhugh
Sent: Monday, March 05, 2007 2:08 PM
Cc: Cary Fitzhugh
Subject: 'unable to use client certificate...' is inconsistent across
I have a product which is trying to use curl to get/post etc to an https
I was unable to get it to work - the error is:
* About to connect() to localhost port 8010 (#0)
* Trying 127.0.0.1... * connected
* Connected to localhost (127.0.0.1) port 8010 (#0)
* unable to use client certificate (no key found or wrong pass phrase?)
* Closing connection #0
* problem with the local SSL certificate
Now, if I curl from the command line, it works.
Curl -k -E ../opt/config/device.pem https://localhost:8010/device/abc
So I figured it was something in my setup of libcurl.
To test that I modified the simplessl.c file and it's contents are at
the end of this email.
My problem now becomes more difficult because the simplessl-mutant works
When I spliced that code directly into my product, my product still
fails with the error above about being unable to use the client
They use the same .pem and .crt files, and have the same relative paths
to the files.
The two executables run on the same machine under cygwin.
As far as I can tell there are no ssl or curl calls before my spliced-in
Any ideas what would cause two executables with the same parameters to
allow a certificate in one place and not in another?
Thanks for any suggestions...
**** SimpleSSL.c - Mutant ****
int main(int argc, char **argv)
const char *pCertFile = argv;
const char *pCACertFile= argv;
const char *pKeyName;
const char *pKeyType;
curl = curl_easy_init();
printf("pem file: %s\nCAFile: %s\n", argv, argv);
curl_easy_setopt(curl, CURLOPT_URL, argv);
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
res = curl_easy_perform(curl);
Received on 2007-03-05