cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: curl-with openssl fails on the target

From: Indtiny s <indtiny_at_gmail.com>
Date: Wed, 24 Jul 2013 17:10:29 +0530

Hi ,

I am using openssl 1.0.1c and curl curl-7.28.1

my curl settings are below .

curl_easy_setopt(curl, CURLOPT_SSL_CIPHER_LIST,"ECDHE-ECDSA-AES128-CCM");
curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM");
curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,"PEM");
curl_easy_setopt(curl,CURLOPT_SSLCERT,"/tmp/CliCom.crt");
curl_easy_setopt(curl,CURLOPT_SSLKEY,"/tmp/ClientKey.pem");
curl_easy_setopt(curl,CURLOPT_CAINFO,"/tmp/RootCA.crt");
curl_easy_setopt (curl, CURLOPT_CAPATH, "/tmp/");

Error log :

/tmp # ./curlClient GET index.html
* About to connect() to 192.168.1.127 port 443 (#0)
* Trying 192.168.1.127...
* connected
* Connected to 192.168.1.127 (192.168.1.127) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /tmp/RootCA.crt
  CApath: /tmp/
* SSL certificate problem: certificate is not yet valid
* Closing connection #0
* Peer certificate cannot be authenticated with given CA certificates
curl_easy_perform return value= Peer certificate cannot be authenticated
with given CA certificates

 the same setting works when I run the client on PC . even I had tried with
RSA certificates as well but getting the same error .

Rgds
Indra

On Wed, Jul 24, 2013 at 4:20 PM, Oscar Koeroo <okoeroo_at_nikhef.nl> wrote:

>
>
> The error hints that the CA certificate could not be found to verify the
> certificate of the other peer. Perhaps they are missing, the hash
> filenames in the CA directory doesn't match the switch over between
> 0.9.8 and the 1.x.x version., or something went wrong providing the CA
> file explicitly.
>
>
> Could you provide some more information? Like which settings, OpenSSL
> version and more debug output?
>
>
> Oscar
>
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-07-24