cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: SSL question

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 7 Jun 2001 14:43:20 +0200 (MET DST)

On Thu, 7 Jun 2001, Wiliam Geurts wrote:

> I started using curl today and experience a problem using my peronal
> signed certificate. I use my Netscape certificate (which is working
> perfect in my netscape enviroment), I exported and converted this
> certificate using "openssl pkcs12 -in william.p12 -out cert.pem". When I
> start curl I must enter my password and then I just get an error 35. This
> certificate is signed by a CA.

I just noticed that a more specific error message is overwritten by that
"couldn't use certificate" message, why we can't tell exactly what OpenSSL
function that fails. (This will be fixed for the next release.)

> $ /opt/curl/bin/curl --cert ./cert.pem https://www.somewhere.nl
> Enter PEM pass phrase:
> curl: (35) couldn't use certificate!

This happens because one of three different reasons:

 1. curl fails with 'use_certificate_file'
 2. curl fails with 'use_PrivateKey_file'
 3. curl fails with 'check_private_key'

The above functions are done in that order. The first of them that fails
causes that error message to appear. Did you concatenate your private key and
your private certificate?

Apply this fix to get a more specific error message:

diff -u -r1.22 ssluse.c
--- ssluse.c 2001/05/30 08:00:29 1.22
+++ ssluse.c 2001/06/07 12:36:38
@@ -316,7 +316,7 @@

   if(data->cert) {
     if (!cert_stuff(conn, data->cert, data->cert)) {
- failf(data, "couldn't use certificate!\n");
+ /* failf() is already done in cert_stuff() */
       return CURLE_SSL_CONNECT_ERROR;
     }
   }

-- 
     Daniel Stenberg -- curl dude -- http://curl.haxx.se/
Received on 2001-06-07