cURL / Mailing Lists / curl-library / Single Mail

curl-library

SSL cert error with CURLOPT_SSL_VERIFYPEER

From: Stephen Collyer <scollyer_at_netspinner.co.uk>
Date: Thu, 16 Jul 2009 16:08:34 +0100

I'm using: libcurl/7.19.0 OpenSSL/0.9.8h zlib/1.2.3 libidn/1.10 on Opensuse
11.1

When I try to verify the peer cert with the following code:

curl_easy_setopt(curl_, CURLOPT_CAINFO, ca_cert_file_);
curl_easy_setopt(curl_, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(curl_, CURLOPT_SSL_VERIFYHOST, 2L);

I get an SSL connect error from the curl based client, and the curl
error buffer says:

error:04067084:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data too large for
modulus

If I disable the CURLOPT_SSL_VERIFYPEER by setting it to 0L, the connectiion
is set up correctly.

I'm pretty certain that the CA cert file that I point to with ca_cert_file_
contains a valid CA cert (it works fine in code not based on curl).

Can anyone suggest what the problem may be ? I'm not enough of an
openSSL guru to be able to decode the error message any further,

-- 
Stephen Collyer
Received on 2009-07-16