curl / Mailing Lists / curl-users / Single Mail

curl-users

Re: Curl failed to authenticate CA server certificate

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 18 Jan 2019 10:50:45 +0100 (CET)

On Fri, 18 Jan 2019, Deepak SP wrote:

> curl: (35) error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib

This very cryptic message means that OpenSSL somehow barfed on the certificate
and return an error to curl. It is unfortunately all the info we have on the
error.

I would *suspect* that your certificate is using an outdated algorithm
somewhere or something but I really can't tell for sure.

If you get a ca cert bundle from https://curl.haxx.se/docs/caextract.html and
use that when contacting a regular public HTTPS site, does that work? It
really should.

> It will be very helpful if you can give some guidance why the curl is
> failing here.

To further debug this, I would suggest switching to trying the openssl command
line tool so that you rule out curl's involvement and work directly with
OpenSSL and if the problems remain, you take them to the openssl team.

I'm sorry to have to redirect you somewhere else and I don't mean to "shift
blame", but they are without doubt the better people to answer questions about
what's going on here and why.

-- 
  / daniel.haxx.se
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Received on 2019-01-18

This message: [ Message body ]
Next message: Deepak SP: "Re: curl-users Digest, Vol 161, Issue 11"
Previous message: Deepak SP: "Curl failed to authenticate CA server certificate"
In reply to: Deepak SP: "Curl failed to authenticate CA server certificate"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]