curl-users

Re: SSL question

From: Wiliam Geurts <william.geurts_at_asml.com>
Date: Fri, 08 Jun 2001 08:39:58 +0200

Thanks for the quick response,

The error I get now is:
Enter PEM pass phrase:
curl: (35) unable to set public key file

My william.pem file looks like:
My RSA private key
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
Ca certificate
CA client certificate
My own certificate

If I enter a wrong passphrase I get the same message. I am sure that my
passphrase is correct!!!!

We want to access a CA signed Apache server for which we need a signed browser
certificate. Again using Netscape this works fine.

We use openssl 0.9.6a

Daniel Stenberg wrote:

> On Thu, 7 Jun 2001, Wiliam Geurts wrote:
>
> > I started using curl today and experience a problem using my personal
> > signed certificate. I use my Netscape certificate (which is working
> > perfectly in my Netscape environment), I exported and converted this
> > certificate using "openssl pkcs12 -in william.p12 -out cert.pem". When I
> > start curl I must enter my password and then I just get an error 35. This
> > certificate is signed by a CA.
>
> I just noticed that a more specific error message is overwritten by that
> "couldn't use certificate" message, which is why we can't tell exactly which
> OpenSSL function fails. (This will be fixed for the next release.)
>
> > $ /opt/curl/bin/curl --cert ./cert.pem https://www.somewhere.nl
> > Enter PEM pass phrase:
> > curl: (35) couldn't use certificate!
>
> This happens because of one of three different reasons:
>
> 1. curl fails with 'use_certificate_file'
> 2. curl fails with 'use_PrivateKey_file'
> 3. curl fails with 'check_private_key'
>
> The above functions are done in that order. The first of them that fails
> causes that error message to appear. Did you concatenate your private key and
> your private certificate?
>
> Apply this fix to get a more specific error message:
>
> diff -u -r1.22 ssluse.c
> --- ssluse.c 2001/05/30 08:00:29 1.22
> +++ ssluse.c 2001/06/07 12:36:38
> @@ -316,7 +316,7 @@
>
> if(data->cert) {
> if (!cert_stuff(conn, data->cert, data->cert)) {
> - failf(data, "couldn't use certificate!\n");
> + /* failf() is already done in cert_stuff() */
> return CURLE_SSL_CONNECT_ERROR;
> }
> }
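
Review bot: with the `failf(data, "couldn't use certificate!\n");` line gone, this branch returns CURLE_SSL_CONNECT_ERROR with no message of its own, so it is only correct if every failing return path in cert_stuff() has already called failf(). That is not visible in this hunk; please confirm it for each of the three steps listed above (use_certificate_file, use_PrivateKey_file, check_private_key), otherwise the user gets error 35 with no text at all. The new comment would also be more useful if it said that the messages set in cert_stuff() name the failing step, since that is the reason for dropping the generic one.
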
>
> --
> Daniel Stenberg -- curl dude -- http://curl.haxx.se/

--
William Geurts                                  ASM-Lithography B.V.
2D1089                                          Run 1110,
+31-(0)40-2683692                               5503 LA VELDHOVEN
William.Geurts_at_asml.nl

Received on 2001-06-08
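
An added example, not part of the original mail and not curl code: a standard-library Python check of how a combined PEM file like the one described above is laid out, reporting block order, whether the key is passphrase-protected, and whether the first certificate in the file is the leaf. It assumes the 'use_certificate_file' step is OpenSSL's SSL_CTX_use_certificate_file, which loads only the first certificate in a file; the names `tlv`, `names`, `inspect_bundle` and `sample_cert` are hypothetical, and the sample certificates are constructed skeletons, not valid certificates.

```python
import base64
import re

PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def tlv(buf, pos):
    """Decode one DER element at pos: (tag, content_start, content_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return the raw DER (issuer, subject) Names of an X.509 certificate."""
    pos = tlv(der, 0)[1]                     # step into Certificate
    pos = tlv(der, pos)[1]                   # step into tbsCertificate
    tag, _, end = tlv(der, pos)
    if tag == 0xA0:                          # explicit [0] version, absent in v1
        pos = end
    pos = tlv(der, tlv(der, pos)[2])[2]      # skip serialNumber, then signature
    issuer_end = tlv(der, pos)[2]
    subject = tlv(der, issuer_end)[2]        # skip validity
    return der[pos:issuer_end], der[subject:tlv(der, subject)[2]]

def inspect_bundle(text):
    """Report block order, key encryption and where the leaf certificate sits."""
    blocks = [(m.group(1), m.group(2)) for m in PEM.finditer(text)]
    certs = [names(base64.b64decode("".join(body.split())))
             for label, body in blocks if label == "CERTIFICATE"]
    # Leaf: its subject is not the issuer of any other certificate in the file
    # (byte-for-byte Name comparison, a simplification of real name chaining).
    leaves = [i for i, (_, subj) in enumerate(certs)
              if all(subj != iss for j, (iss, _) in enumerate(certs) if j != i)]
    encrypted = any(label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body
                    for label, body in blocks if label.endswith("PRIVATE KEY"))
    return {"order": [label for label, _ in blocks], "key_encrypted": encrypted,
            "leaf_positions": leaves, "first_cert_is_leaf": leaves[:1] == [0]}

def _der(tag, content):                      # sample helper, short lengths only
    return bytes([tag, len(content)]) + content

def sample_cert(issuer, subject):
    """Constructed skeleton with the X.509 field order; not a valid certificate."""
    tbs = (_der(0xA0, _der(2, b"\x02")) + _der(2, b"\x01") + _der(0x30, b"")
           + _der(0x30, issuer) + _der(0x30, b"") + _der(0x30, subject))
    body = base64.encodebytes(_der(0x30, _der(0x30, tbs))).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"
```

Pass the text of a real bundle to `inspect_bundle()`; on a constructed bundle ordered key, root CA, intermediate CA, own certificate, it reports the leaf at certificate position 2 and `first_cert_is_leaf` as False.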