cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Latest PEM file is not trusting yahoo.com and many other sites.

From: Arif Ali <arif.ali.syed_at_gmail.com>
Date: Tue, 9 Dec 2014 15:27:40 +0530

Hi Daniel,
              Thanks for responding your suggestion did work for me.
Now I can open yahoo in my windows app( using curl)

But just curious how firefox was opening it, is firefox trusting more CAs
than what's their in latest PEM file from
http://curl.haxx.se/docs/caextract.html

@Guenter : Thanks method mentioned by Daniel worked for me. however prior
to reading Daniel's response. I had downloaded older version CRT file you
mentioned but was struggling to convert that to PEM file and then I
saw Daniel's
response and it worked for me.

Thanks you both for your help.
--------------------------

However my ultimate goal is to build curl on windows with SSL so that it
will trust windows cert store and I will not have to worry about updating
the PEM file in my windows-app.
maintaining and updating that would be additional work.

Already running a separate thread on this helpful mailing-list.

-Arif

-Arif

On Tue, Dec 9, 2014 at 3:04 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Tue, 9 Dec 2014, Arif Ali wrote:
>
> I have also tried mk-ca-bundle tool and created a latest pem file but
>> result is same.
>>
>
> Well of course, as the site is using that.
>
> If you include the "MUST_VERIFY_TRUST" certs (with -p) you probably get
> more certs included, but yeah then you include certs that have a lesser
> degree of trust according to the bits in the bundle.
>
> --
>
> / daniel.haxx.se
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-12-09