cURL / Mailing Lists / curl-library / Single Mail


Re: libcurl with client ssl certificate

From: Ralph Mitchell <>
Date: Mon, 20 Aug 2012 07:42:46 -0400

On Mon, Aug 20, 2012 at 2:14 AM, Chris Baylis <> wrote:

> Thank you all for your input. It lead me to a little investigation and
> as it turns out I didn't know what I was doing with the keys.
> Originally the client key was signed by the client itself. I now have
> client keys, signed by the web server. And can run simplessl.c with my
> keys and curl_easy_setopt(curl,CURLOPT_CAINFO,pCACertFile) disabled.
> Curious though how `curl -E cert url` worked in the original
> scenerario when simplessl.c did not.

Judging by the outputs in your original email, command-line curl was
looking in the /etc/ssl/certs *directory* for a CA cert to validate the
server, whereas the compiled program was looking either in the
 /etc/ssl/certs/ca-certificates.crt *file* (as shown in the output), or in
the cert.pem *file* (as shown in the source snippet). So, maybe the CA
cert for your server is sitting in the directory, but is not appended to
whichever file was read?

Ralph Mitchell

List admin:
Received on 2012-08-20