Download
Browse source Changelog
Documentation
Project   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-users / Single Mail

curl-users

Re: A error log when used the curl command tool in embedded linux device

From: 杨俊 <yangjun9772_at_gmail.com>
Date: Tue, 13 Dec 2016 17:00:05 +0800

Hi Ray,

Thank you for your reply.
That was the latest cacert.pem I copied from the curl.haxx.se.
--------------------log-------------------------------------------------------------
/tmp # ./curl -V
curl 7.51.0 (arm-hisiv400-linux-gnueabi) libcurl/7.51.0 OpenSSL/1.1.0c
nghttp2/1.17.0
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp
smb smbs smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL TLS-SRP HTTP2 UnixSockets
/tmp # ./curl -v --cacert /etc/ssl/certs/cacert.pem https://curl.haxx.se/
* Trying 80.67.6.50...
* TCP_NODELAY set
* Connected to curl.haxx.se (80.67.6.50) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection:
ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/cacert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Curl_http_done: called premature == 1
* stopped the pause stream!
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
/tmp #
--------------------------------------------------------------------------------------------------------------------------------
And I used the openssl command, it shows:
-------------------------log
--------------------------------------------------------------------
/tmp # ./openssl s_client -connect curl.haxx.se:443 -CApath /etc/ssl/certs/
CONNECTED(00000003)
depth=0 CN = anja.haxx.se
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = anja.haxx.se
verify error:num=21:unable to verify the first certificate
verify return:1 

---
Certificate chain
 0 s:/CN=anja.haxx.se
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
----
-----------------------------------------------------------------------------------------------------
For the cacert.pem file.
I just copy from the web, then paste it in a new txt file, then rename to
cacert.pem.
And I also checked the cacert.pem and delete all of the "^M"
Is it right?
Thanks

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-users
FAQ: https://curl.haxx.se/docs/faq.html
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-12-13