Thanks Daniel. I need to clarify before I go back to Yahoo tech
support. My online store is hosted on their servers. One feature they
offer is a real-time delivery of our orders to our own server. I am
assuming Yahoo is using libcurl in a script to do this. When I
recently renewed my SSL I received a new certificate from Comodo from a
CA Root different than the one I had before. Nothing else has changed
on my server's side except for the new SSL certificate. Now I am
getting e-mails from Yahoo stating the orders are failing to post
because of error 60. There is a web client I can manually post from
the Yahoo server to my server. When I manually send an order, I see the
curl error 60 as well. I personally do not have any control over the
script Yahoo is using.

I failed to mention I am using IIS 6.0. So from what I read on the
errors page, if I were the client trying to access a server, I could
make changes to my local machine to add that server to my bundle and
all should work. Since I only have control of the target server, is
there anything I can do to get Yahoo's client to get past the error 60?
  Or do I need to contact them to have them update their bundle? My
understanding was that the client on Yahoo's side fails to verify the
cert so just returns error 60 and the connection is closed.

I did see someone mention on Apache that t
hey can add a
CertificateChainFile on their target server only and it worked.
However, I was under the impression that this is automatic in IIS.
Hope that makes better sense. Just looking for clear direction before
I call back to Yahoo. Their tech support won't escalate my call. The
low level techs don't even know they are using your curl solution at
all. Is there any workaround since I don't have control of the client
side?

Thanks,
Darwin

-----Original Message-----
From: Daniel Stenberg <daniel_at_haxx.se>
To: the curl tool <curl-users_at_cool.haxx.se>
Sent: Wed, 6 Aug 2008 3:41 am
Subject: Re: Help with Error 60 from Yahoo Store Hosting

On Tue, 5 Aug 2008, darwinl_at_aol.com wrote: 
 
> I want to make sure I understand the whole process correctly. I use
Yahoo
> Store for my online store and it has an option to allow Real Time
Order
> posting via XML. The only thing I can set is the URL itself, e.g.
http or
> https. 

> I have used this with https for the last 3 years with a certificate
from
> Comodo. That expired August 3, 2008 so I renewed. 

> 

> The new CA Root is different than the previous and I am now seeing
the Error
> 60 when trying to post an order to my server. Since the connection
fails
> with error 60 I can't get my orders sent. 
 

Sorry but I don't understand the description. 
 0D

curl is a command line tool, it is a client and thus it verfies the
server's
cert against a CA cert bundle. If it fails to verify the cert (error
60) it
basically means that the CA of the server's cert did not have a cert in
the
bundle. You can fix this as documented on the curl site, by updating
the ca
cert bundle or by appending the cacert of your particular target site
to the
existing bundle. 
 

--  

 / daniel.haxx.se 

------------------------------------------------------------------- 

List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users%c2 

FAQ: http://curl.haxx.se/docs/faq.html%c2 

Etiquette: http://curl.haxx.se/mail/etiquette.html%c2 

-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2008-08-06