cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: CURLOPT_CAPATH returning CURLE_NOT_BUILT_IN on MacOS 10.10

From: Volker Schmid <volker.schmid_at_regify.com>
Date: Wed, 26 Aug 2015 11:15:44 +0200

Am 25.08.2015 um 22:50 schrieb Daniel Stenberg:
> On Tue, 25 Aug 2015, Volker Schmid wrote:
>
>> Version:7.43.0
>> Host: i386-apple-darwin14.0
>> SSL Version: SecureTransport
>> ZLib version: 1.2.5
>> Features: CURL_VERSION_SSL + CURL_VERSION_NTLM + CURL_VERSION_IPV6 +
>> CURL_VERSION_LIBZ + CURL_VERSION_ASYNCHDNS
>>
>> Now I try to assign a CAPATH using CURLOPT_CAPATH value for function
>> curl_easy_setopt(). The provided value is "/System/Library/Keychains/"
>> (without quotes, folder exists). The result of the call is error 4
>> (CURLE_NOT_BUILT_IN).
>
> The reason for this is actually mentioned in the man page for this option:
>
> This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The
> NSS backend provides the option only for backward compatibility.
>
> ... meaning that the SecureTransport backend does not support CURLOPT_CAPATH.

Thanks for the answer. Ok, I understand. But on MacOS I also do not have some cacerts.pem file usable with CURLOPT_CAINFO. So how to make this working? Or do I need to provide this file?

I do not need self signed certificates to work but what is the correct way? Maybe I do not even have to use CURLOPT_CAPATH or CURLOPT_CAINFO on MacOS at all? Sadly I can not test that much on the customers machine. So best is to know the correct way before sending him a test version...

Or should I ignore the error 4 if ssl version is "SecureTransport" on MacOS and simply continue?

>> Any idea what might be wrong here? Is it my code (worked fine for about 20
>> Macs in the past 5 months) or is there something else? Maybe the most recent
>> MacOS update broke something?
>
> I'm pretty sure it only worked while the Macs were still providing libcurl
> versions built to use openssl, which they stopped with a while ago when they
> switched over to building libcurl with the SecureTransport backend.

I know it working on some standard Mac 10.10 Yosemite machines a few weeks ago with no problems! It looks like the last Mac updates have changed this...

Best,

Volker

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-08-26

This message: [ Message body ]
Next message: Ken Alverson: "My first post for verification"
Previous message: Yile Ku: "pthreads question"
In reply to: Daniel Stenberg: "Re: CURLOPT_CAPATH returning CURLE_NOT_BUILT_IN on MacOS 10.10"
Next in thread: Daniel Stenberg: "Re: CURLOPT_CAPATH returning CURLE_NOT_BUILT_IN on MacOS 10.10"
Reply: Daniel Stenberg: "Re: CURLOPT_CAPATH returning CURLE_NOT_BUILT_IN on MacOS 10.10"
Reply: Nick Zitzmann: "Re: CURLOPT_CAPATH returning CURLE_NOT_BUILT_IN on MacOS 10.10"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]