cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: default CA cert bundle/path - not working

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Fri, 30 Mar 2012 14:51:35 +0200

On Fri, Mar 30, 2012 at 02:35:47PM +0200, curl.bullrunner_at_spamgourmet.com wrote:
> I tried that but it didn't show me anything.
>
> / >curl -v -l -u user:pass --ftp-ssl ftp://server/directory/
> * About to connect() to server port 21 (#0)
> *   Trying IP address...
> * connected
> * Connected to server (IP address) port 21 (#0)
> < 220 Microsoft FTP Service
> > AUTH SSL
> < 234 AUTH command ok. Expecting TLS Negotiation.

This is where the log message would be if it found the bundle.

> * SSLv3, TLS handshake, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS alert, Server hello (2):
> * SSL certificate problem, verify that the CA cert is OK. Details:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
> * Closing connection #0

I took a look at the configure script, and it appears that if it's unable
to find a CA bundle or CA path, it doesn't set a default at all. So, it
seems that in this case you'll have to either explicitly specify one at
configure time or at run time (or both).

>>> Dan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-03-30