curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Curl problem with SSL

From: Daniel Stenberg via curl-library <>
Date: Sun, 21 Jul 2019 12:42:55 +0200 (CEST)

On Sun, 21 Jul 2019, Subrata Dasgupta via curl-library wrote:

Hi, please consider using emails in text format when sending it to this (and
other?) mailing lists going forward. I read mails in text format only and the
list archive on the curl web site also doesn't convert HTML-only emails
properly. Your mail thus looks like this to me and the archive:

... as you can see, it is hard to understand with no good reason!

> Can you please help me to understand why below mentioned problem is coming?

I can try.

> Earlier a 32 bit c++ application was using curl-7.20.1 and there was no
> problem while connecting with the SSL enabled device over HTTPS.

Are you using the same TLS library and version with your upgraded libcurl as
you used with than ancient libcurl version? (I hope you're not, since then
you're probably vulnerable to numerous securely problems.)

Which TLS library and version are you using?

> But when library is upgraded to libcurl-7.61.1 c++ application is getting
> few strange errors while working with new curl library though there is no
> change in the application source code or certificate.

It is possible that your upgrade has increased the default levels.

> In the logs I am getting following error strings.TLSv1.2 (IN), TLS
> handshake, Finished (20):SSL connection using TLSv1.2 /
> ECDHE-RSA-AES256-GCM-SHA384ALPN, server did not agree to a protocol SSL
> certificate verify result: unable to get local issuer certificate (20),
> continuing anyway.

So your transfer succeeds, you're just curious about this log output?

> skipping SSL peer certificate verification

I strongly recommend you do NOT do this. It makes your HTTPS use totally

> Same certificate file was also used earlier but there was no error.

You mean CA cert file? But that's pointless when you switch off the checks

What is the actual error from the transfer?

  / | Get the best commercial curl support there is - from me
                   | Private help, bug fixes, support, ports, new features
Received on 2019-07-21