curl-users

Re: How to convert SSL certificate into .PEM

From: Götz Babin-Ebell <babin-ebell_at_trustcenter.de>
Date: Thu, 09 Oct 2003 12:24:52 +0200

Hallo Ali,

Ali Yildirim wrote:

>>> Hello all, I get the following results when I execute a curl command
>>> attempting to access a secure site:
>>>
>>> D:\cURL\ssl>curl -v --cacert mycert.pem -o test.txt "https://mydomain.mycompany.com/DWNLD.asp?id=128"
>>> * About to connect() to mydomain.mycompany.com:443
>>> * Connected to mydomain.mycompany.com (vvv.xxx.yyy.zzz) port 443
>>> * SSL: error:00000000:lib(0):func(0):reason(0)
>>> * Closing connection #0
>>> curl: (35) SSL: error:00000000:lib(0):func(0):reason(0)
>>
>> I think you need to use the '-k' option. AFAIK it's the server's
>> certificate or (CA-path) that OpenSSL is complaining about, not yours.
>
> I cannot use the -k option. Since our application will be called by a
> client using libcurl,
> I need to provide our client with the .PEM file.

Figure out the instance that issues the certificate and include
their CA certificate.

If it is really your host, this is simple.
If the server belongs to somebody else,
figure out who _should_ issue the server certificate.

After that make sure the CA certificate is really the
CA certificate from the issuer (and not from some
evil hacker that poisoned your DNS...)

Fetching the CA certificate by doing an SSL connect
is bad, because somebody could have hijacked the connection,
and further CA verifications would ensure you connect
to the host of the evil hacker...

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

Received on 2003-10-09
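
One way to carry out the check described in this message: compare the SHA-256 fingerprint of every certificate in the .PEM file against a value obtained from the issuer over a separate channel, before handing the file to `--cacert`. This is an added example, not part of the original mail; the function names are assumptions, and the sample "certificates" are constructed bytes, not real certificates.

```python
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)


def normalize_fp(fp):
    """Drop colons/spaces and lowercase, so 'AB:CD...' and 'abcd...' compare equal."""
    cleaned = re.sub(r"[^0-9a-fA-F]", "", fp).lower()
    if len(cleaned) != 64:
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def fingerprints(pem_text):
    """SHA-256 over the DER bytes of each certificate found in a PEM file."""
    return [
        hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
        for block in PEM_BLOCK.findall(pem_text)
    ]


def accept_ca_file(pem_text, trusted_fps):
    """True only if the file holds at least one certificate and every
    certificate in it matches a fingerprint obtained out of band."""
    wanted = {normalize_fp(fp) for fp in trusted_fps}
    found = fingerprints(pem_text)
    # An empty file, or one extra unknown CA, is enough to reject the file.
    return bool(found) and set(found) <= wanted


# Constructed stand-ins: arbitrary bytes wrapped as PEM, NOT real certificates.
ISSUER_CA = ssl.DER_cert_to_PEM_cert(b"constructed issuer CA bytes")
ROGUE_CA = ssl.DER_cert_to_PEM_cert(b"constructed attacker CA bytes")
# In practice this value comes from the issuer over an independent channel
# (assumption: the issuer publishes a SHA-256 fingerprint).
PUBLISHED_FP = hashlib.sha256(b"constructed issuer CA bytes").hexdigest()

if __name__ == "__main__":
    for name, pem in (("issuer", ISSUER_CA), ("rogue", ROGUE_CA),
                      ("issuer+rogue", ISSUER_CA + ROGUE_CA)):
        verdict = "accept" if accept_ca_file(pem, [PUBLISHED_FP]) else "reject"
        print(f"{name}: {verdict}")
```

The check rejects a file that contains the expected CA plus any additional certificate, since every entry in a `--cacert` file becomes a trust anchor.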