cURL / Mailing Lists / curl-users / Single Mail


Problems with SSL in xmlrpc-c using curl

From: Leonardo L. P. da Mata <>
Date: Tue, 25 Sep 2007 11:08:42 -0300


i have looked for information about that in the net, but i couldn't
find the answer.

i'm trying to connect to https server running a xmlrpc application,
but the certificate cannot be correct checked.
the error is:

Error: Curl failed to perform HTTP POST request. curl_easy_perform()
says: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed (-504)

the source code of the application fails in
die_if_fault_occurred(&env);. The env is filled with the error above.

the source:

char * xmlrpc(char * methodName, char * param1, char * param2 )
        xmlrpc_value *response;

        xmlrpc_int returnvalue;

        struct xmlrpc_clientparms clientParms;
        struct xmlrpc_curl_xportparms curlParms;

        curlParms.cainfo = "/etc/apache2/ssl/demoCA/cacert.pem\0";
        curlParms.network_interface = "";
        curlParms.no_ssl_verifypeer = 0;
        curlParms.no_ssl_verifyhost = 0;
        curlParms.user_agent = "mypw_app/1.0";

        clientParms.transport = "curl";
        clientParms.transportparmsP = (void*)&curlParms;
        clientParms.transportparm_size = XMLRPC_CXPSIZE(user_agent);
        /* SSL */
    xmlrpc_env env;
    xmlrpc_client * clientP ;
    xmlrpc_value * resultP ;
    char * sum;
    char * const url = "";
    char * const url2 = "";

            /* Initialize our error-handling environment. */


    xmlrpc_client_create(&env, XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION,
&clientParms, XMLRPC_CPSIZE(transportparm_size), &clientP);

        char * param_format = "(ss)";
    /* Make the remote procedure call */
    xmlrpc_client_call2f(&env, clientP, url2, methodName, &resultP,
param_format, param1, param2);

anyone knows what this error means? What can i do to correct that and use SSL?

i do need to check if the server certficate is correct signed, so i
cannot change this options: no_ssl_verifypeer no_ssl_verifyhost to
1 (true).

thanks for the help.

Leonardo Luiz Padovani da Mata
"May the force be with you, always"
"Nerd Pride... eu tenho. Voce tem?"
Received on 2007-09-25