curl-users
Re: Configure option --with-ca-path does not work
Date: Wed, 28 Aug 2013 15:01:25 +0200
On Wednesday 28 August 2013 14:46:39 Andriy Yurchuk wrote:
> This is the result of configure script run:
> https://gist.github.com/Ch00k/6365585
>
> oi_at_openindiana:~$ ~/curl7320/bin/curl --version
> curl 7.32.0 (i386-pc-solaris2.11) libcurl/7.32.0 OpenSSL/0.9.8y zlib/1.2.3
> Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3
> pop3s rtsp smtp smtps telnet tftp Features: IPv6 Largefile NTLM NTLM_WB
> SSL libz
>
> oi_at_openindiana:~$ ~/curl7320/bin/curl --capath /etc/certs/CA/
> https://google.com curl: (60) SSL certificate problem: unable to get local
> issuer certificate More details here:
> http://curl.haxx.se/docs/sslcerts.html
>
> curl performs SSL certificate verification by default, using a "bundle"
> of Certificate Authority (CA) public keys (CA certs). If the default
> bundle file isn't adequate, you can specify an alternate file
> using the --cacert option.
> If this HTTPS server uses a certificate signed by a CA represented in
> the bundle, the certificate verification probably failed due to a
> problem with the certificate (it might be expired, or the name might
> not match the domain name in the URL).
> If you'd like to turn off curl's verification of the certificate, use
> the -k (or --insecure) option.
> oi_at_openindiana:~$
>
> Passing --capath does not help. I suspect this might be the OS specific
> issue. I'll try to build on Linux too see if it reproduces there.
You seem to be using OpenSSL as the SSL backend. Has your CA directory been
processed with the c_rehash utility as the curl.1 man page suggest?
Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-08-28