cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Curl with DER certificates format when verifypeer is enabled

From: Michael Wood <esiotrot_at_gmail.com>
Date: Tue, 9 Oct 2012 08:26:32 +0200

On 9 October 2012 07:26, bala suru <balaqemu_at_gmail.com> wrote:
> Hi,
>
> Today I have enabled the CURLOPT_SSL_VERIFYPEER to true , since I have to
> verify my server certificates . Used and ECC crypto and generated the server
> certificates in DER format ( it required have certificate in DER format) .
>
> Till SSl handshke went fine when it come to peer verification , I got the
> below curl error "curl_easy_perform() failed: SSL connect error , error no
> is 35 ".
>
> After going through few posts I came to know that this error may be because
> of DER format .
>
> I need to confirm that my error is because of fomrat only , if it is yes , I
> need a help to fix this problem at the curl side ..

Yes, I believe libcurl cannot handle DER format certificates (unless
you do some magic with SSL contexts or something, I think.
http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTSSLCTXFUNCTION).

Just convert them to PEM format. It does not matter what format the
server needs. You do not need to convert them on the server.

e.g.:

http://support.citrix.com/article/CTX106631
http://www.sslshopper.com/article-most-common-openssl-commands.html

-- 
Michael Wood <esiotrot_at_gmail.com>
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2012-10-09