Hey list. I'm trying to figure out this https stuff. It's been driving me
nuts, and I really do not want to use --insecure.

So I'm trying to do a HTTP request via ssl, and it keeps failing with a
certificate error. I got the certificate via `openssl s_client .... | tee
file` then converted it into pem via `openssl x509 ....`

I then moved the pem into /usr/local/openssl/certs/ and ran c_rehash as root.
I ran `curl -I --capath /usr/local/openssl/certs url` and it is not
working. It keeps saying the certificate is invalid.

I checked ldd on all the programs involved to make sure they are using the
same libssl.so library, which they are. I tried it as root, and tried
messing with the permissions of the files in /usr/local/openssl/certs/ to
no avail. And I did try using curl with --insecure, which was successful.
But I really don't want to use --insecure forever.

The OS is FreeBSD 9.0. The software versions are:
OpenSSL 1.0.1c 10 May 2012
curl 7.24.0 (amd64-portbld-freebsd9.0) libcurl/7.24.0 OpenSSL/1.0.1c
zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp
smtp smtps telnet tftp
Features: Largefile NTLM NTLM_WB SSL libz TLS-SRP

Any tips? Thank you!

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-12-10