curl-users

CA bundle broke SSL to Amazon/S3

From: Jean-François Mathiot <jmathiot_at_servebox.com>
Date: Thu, 18 Dec 2014 12:00:21 +0100

Hi,

I am creating a software package that uses AWS/S3, OpenSSL and the CA
bundle provided here http://curl.haxx.se/ca/cacert.pem. Everything had
been fine until recently, when some of Verisign's certificates were
dropped, as mentioned here http://curl.haxx.se/docs/caextract.html
and here http://curl.haxx.se/mail/archive-2014-10/0062.html

Since then we can't use the latest CA bundle because it fails to verify
Amazon's SSL certificates.

It seems that a potential fix exists
(http://curl.haxx.se/mail/archive-2014-10/0074.html) but has not been
applied yet. I've had a hard time figuring out the root cause of the
problem because I intuitively assumed the CAs for Amazon's certificates
were included in the bundle. I agree with Lamont
(http://curl.haxx.se/mail/archive-2014-10/0070.html) that, though a
workaround exists, ensuring these certificates are included in the
bundle could spare other people awkward experiences.

I'd like to know if I can be of any help in some way to resolve this issue.

Best,
Jef

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-12-18
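
Added example (not part of the original post, and not curl project code): one way to find out which roots disappeared between two versions of a CA bundle is to compare them by certificate fingerprint. It assumes the cacert.pem layout of a label line, a line of `=` signs, then the PEM block; the labels and certificate bytes below are constructed placeholders.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def parse_bundle(text):
    """Return {sha256 of DER bytes: label} for each certificate in a PEM bundle."""
    certs = {}
    pos = 0
    for m in PEM_RE.finditer(text):
        # Label = last line before the block that is not blank, a comment, or the '=' underline.
        label = "(unlabelled)"
        for line in reversed(text[pos:m.start()].splitlines()):
            line = line.strip()
            if line and not line.startswith("#") and set(line) != {"="}:
                label = line
                break
        der = base64.b64decode("".join(m.group(1).split()))
        certs[hashlib.sha256(der).hexdigest()] = label
        pos = m.end()
    return certs


def dropped_roots(old_text, new_text):
    """Labels of certificates present in the old bundle but absent from the new one."""
    old, new = parse_bundle(old_text), parse_bundle(new_text)
    return sorted(label for fp, label in old.items() if fp not in new)


def _entry(label, der):
    # Constructed sample entry: 'der' is placeholder bytes, not a real certificate.
    body = base64.b64encode(der).decode()
    underline = "=" * len(label)
    return (f"{label}\n{underline}\n-----BEGIN CERTIFICATE-----\n"
            f"{body}\n-----END CERTIFICATE-----\n\n")


# Constructed bundles: the newer one no longer carries "Example Legacy Root B".
OLD = ("## constructed old bundle\n\n"
       + _entry("Example Root A", b"der-a")
       + _entry("Example Legacy Root B", b"der-b"))
NEW = "## constructed new bundle\n\n" + _entry("Example Root A", b"der-a")

if __name__ == "__main__":
    for label in dropped_roots(OLD, NEW):
        print("dropped:", label)
```

Run against a saved older bundle and the current one, the returned labels are the candidates to compare with the issuer at the top of the failing server's chain.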