curl-users

Re: ssl is broken broken (Re: ANNOUNCE: curl and libcurl 7.11.0)

From: Daniel Stenberg <daniel-curl_at_haxx.se>
Date: Mon, 26 Jan 2004 08:17:04 +0100 (CET)

On Sun, 25 Jan 2004, Domenico Andreoli wrote:

> i'm sorry to inform you that this last release has a broken ssl support.
> whichever ssl site you visit curl will always respond with error 60 "SSL
> certificate problem, verify that the CA cert is OK".

This puzzles me, as I am able to get pages over https. An example:

 $ curl https://sourceforge.net/

[html is received]

(using my development curl with a previously installed CA cert bundle)

> i don't know how ssl tests passed...

The SSL tests in the curl test suite mostly (if not all) use curl -k and even
if they didn't, they would never have a certificate signed by one of the CAs in
the CA cert bundle so that couldn't be used anyway...

> i verified it on https://www.poste.it both using curl and openssl.

I can retrieve HTML from https://www.poste.it just fine.

> i verified also if this problem was due to the bundle certificate curl
> installs, but everything seems to indicate curl as the real guilty,
> certificates are ok.

Sorry, but I would need more details/research. This works for me.

And I'm using *exactly* the same CA cert bundle that we're currently shipping
in the release archive so I don't understand where this problem is.

> debian bug tracking system has two reports for this bug (#228182 and
> #228024) [0]. i'm sorry to not have pointed this out during the pre period,
> but in this last week i was really busy with work with even too little time
> for sleeping :(((

I would like anyone who experiences this problem to really verify that the
correct CA cert bundle is installed properly and really used by libcurl.

-- 
    Daniel Stenberg -- http://curl.haxx.se/ -- http://daniel.haxx.se/
   [[ Do not send mails to this email address. They won't reach me. ]]
Received on 2004-01-28
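
One way to carry out the check requested at the end of the mail, namely that a CA cert bundle is installed and is the one curl picks up. This is an added example, not part of the original message or of the curl project; the script name `check-bundle.sh` and both function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original mail.

# Print the CA bundle path the curl tool would use by default.
# The curl tool honours CURL_CA_BUNDLE; otherwise the compiled-in default
# reported by `curl-config --ca` applies. A --cacert option on the command
# line (or CURLOPT_CAINFO in a libcurl program) overrides both.
effective_bundle() {
    if [ -n "${CURL_CA_BUNDLE:-}" ]; then
        printf '%s\n' "$CURL_CA_BUNDLE"
    elif command -v curl-config >/dev/null 2>&1; then
        curl-config --ca
    else
        return 1
    fi
}

# Check that a bundle file is usable. Return codes:
#   0 readable, with matching BEGIN/END markers
#   1 missing or unreadable
#   2 no certificates at all (empty or wrong file)
#   3 truncated (BEGIN and END counts differ)
check_ca_bundle() {
    bundle=$1
    if [ ! -f "$bundle" ] || [ ! -r "$bundle" ]; then
        echo "missing: $bundle"; return 1
    fi
    # grep -c exits non-zero on a count of 0, so keep the count and ignore the status.
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$bundle" || true)
    if [ "$begins" -eq 0 ]; then
        echo "no certificates in $bundle"; return 2
    fi
    if [ "$begins" -ne "$ends" ]; then
        echo "truncated: $begins BEGIN vs $ends END in $bundle"; return 3
    fi
    echo "ok: $begins certificates in $bundle"
}

# Run as: sh check-bundle.sh --run   (hypothetical script name)
if [ "${1:-}" = "--run" ]; then
    b=$(effective_bundle) || { echo "cannot determine CA bundle" >&2; exit 1; }
    check_ca_bundle "$b"
fi
```

The check only counts PEM markers, so it catches a missing, empty or cut-off bundle but does not validate the certificates themselves.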