cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: CA Certificates on Windows

From: Michal Lukáč <lukac_at_ica.cz>
Date: Fri, 20 May 2011 10:07:21 +0200

> Date: Thu, 19 May 2011 16:03:09 +0200
> From: Ben Noordhuis <info_at_bnoordhuis.nl>
> To: libcurl development <curl-library_at_cool.haxx.se>
> Subject: Re: CA Certificates on Windows
> Message-ID: <BANLkTing+DT7mFUXwuJ6DWWFw2W26FXWGg_at_mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-2
>
> 2011/5/19 Michal Luk?? <lukac_at_ica.cz>:
> > I'm using the latest win32 binary of the libcurl library to
> > provide a HTTPS backend to a larger application (essentially, just to
> send a
> > POST request to a CGI script and parse a reply). The problem,
> however, is
> > that I can't seem to verify the server's CA certificate.
> >
> > Since I'm not using the curl command line tool and the application
> should be
> > distributable without needing to install it, I was looking into
> options of
> > directly feeding the CA certificate to the library. The root
> certificate is
> > stored in windows cert storage, which I understand libcurl with
> OpenSSL
> > cannot directly access. I have tried exporting it as PEM and then
> using
> > CURLOPT_CAINFO to set this certificate as the certificate bundle, but
> that
> > simply fails with error 77 on curl_easy_perform without much
> explanation
> > (setting CURLOPT_CAPATH to NULL or the proper directory makes no
> > difference).
> >
> > What is the correct way to do this, then?
>
> I would start with some test requests through `openssl s_client` to
> check if the PEM file is actually understood by OpenSSL.

That's where the problem was. OpenSSL s_client helped find the problem with
the certificate (it was the wrong one, though they differed in serial number
only), and once I got s_client to accept it, curl did as well.

Thank you for your time.
 

__________ Informace od ESET NOD32 Antivirus, verze databaze 6136 (20110519)
__________

Tuto zpravu proveril ESET NOD32 Antivirus.

http://www.eset.cz
 

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

  • application/x-pkcs7-signature attachment: smime.p7s
Received on 2011-05-20