cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Constantly getting error 77 while sending request to https sites

From: Ray Satiro via curl-users <curl-users_at_cool.haxx.se>
Date: Sat, 24 Sep 2016 13:52:12 -0400

On 9/24/2016 11:53 AM, Nootan Ghimire wrote:
> So This is what I did to trouble shoot
>
> /$ ls -l `curl-config --ca` /
> -rw-r--r-- 1 root root 329165 Jun 18 17:57
> /etc/ssl/certs/ca-certificates.crt
>
> /$ curl-config --configure/
> '--build=x86_64-linux-gnu' '--prefix=/usr'
> '--includedir=/usr/include' '--mandir=/usr/share/man'
> '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var'
> '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu'
> '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode'
> '--disable-dependency-tracking' '--disable-symbol-hiding'
> '--enable-versioned-symbols' '--enable-threaded-resolver'
> '--with-lber-lib=lber' '--with-gssapi=/usr' '--with-nghttp2'
> '--with-zsh-functions-dir=/usr/share/zsh/vendor-completions'
> '*--with-ca-path=/etc/ssl/certs'
> '--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt'
> *'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2
> -fdebug-prefix-map=/build/curl-7.50.1=. -fPIE -fstack-protector-strong
> -Wformat -Werror=format-security' 'LDFLAGS=-fPIE -pie -Wl,-z,relro
> -Wl,-z,now -Wl,--as-needed' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
>
> I don't know what is the problem. Do I need to give it write
> permission too in order for it to work or is it something else?

No, it does not need write permission in your certificates directory.
Please give us the curl version, curl -V and run curl in verbose mode
curl -v. A number of SSL backends can be used and they aren't entirely
consistent in how they process certificate directories and bundles. I
know some will skip bad directories and others may choke; some will skip
certificates that they don't support in a bundle and others may choke. I
recall last year I had a problem with wolfSSL and reading bundles until
I enabled SHA384 when building wolfSSL (this behavior may have changed
since). I also had a similar problem with another library, I think it
was mbedTLS or GnuTLS, but I don't remember the details.

Also try running strace, see what that shows
strace src/curl -v https://example.com 2>&1 |grep "/etc/ssl"

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-users
FAQ: https://curl.haxx.se/docs/faq.html
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-09-24