2011/5/19 Michal Lukáè <lukac_at_ica.cz>:
> I'm using the latest win32 binary of the libcurl library to
> provide a HTTPS backend to a larger application (essentially, just to send a
> POST request to a CGI script and parse a reply). The problem, however, is
> that I can't seem to verify the server's CA certificate.
>
> Since I'm not using the curl command line tool and the application should be
> distributable without needing to install it, I was looking into options of
> directly feeding the CA certificate to the library. The root certificate is
> stored in windows cert storage, which I understand libcurl with OpenSSL
> cannot directly access. I have tried exporting it as PEM and then using
> CURLOPT_CAINFO to set this certificate as the certificate bundle, but that
> simply fails with error 77 on curl_easy_perform without much explanation
> (setting CURLOPT_CAPATH to NULL or the proper directory makes no
> difference).
>
> What is the correct way to do this, then?

I would start with some test requests through `openssl s_client` to
check if the PEM file is actually understood by OpenSSL.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-05-19