Re: Running into "SSL certificate problem: self signed certificate in certificate chain" error on http transfers
From: Jeffrey Walton via curl-users <curl-users_at_cool.haxx.se>
Date: Thu, 11 Mar 2021 14:21:03 -0500
On Thu, Mar 11, 2021 at 10:32 AM Daniel Stenberg via curl-users
<curl-users_at_cool.haxx.se> wrote:
>
> On Wed, 10 Mar 2021, kent williams via curl-users wrote:
>
> > I started building the libcurl release from source for a project because we
> > needed features not in the RHEL7 libcurl (7.29.0),
> >
> > But it's failing with an error message:
> > "SSL certificate problem: self signed certificate in certificate chain"
> >
> > The system library versions (Red Hat 7 has libcurl version 7.29.0, Red Hat 8
> > 7.61.1) don't have this problem.
>
> Presumably those builds either use a different TLS library or another CA
> store, or both.

I believe Red Hat uses the GnuTLS backend.

GnuTLS applies the equivalent of OpenSSL's X509_V_FLAG_PARTIAL_CHAIN
flag. Or more correctly, the logic is baked in and does not require a
flag.

X509_V_FLAG_PARTIAL_CHAIN allows trust to be rooted in any
certificate, and not just a root CA.

Jeff
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2021-03-11
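
The following is an added example, not part of the original message and not code from curl or OpenSSL. It uses the openssl command-line tool's -partial_chain option, which sets X509_V_FLAG_PARTIAL_CHAIN, to compare verification results when the trust store holds only an intermediate certificate. The file names, certificate subjects and the three-level PKI are constructed for the demonstration.

```shell
#!/bin/sh
set -eu

# Build a constructed PKI in directory $1: root -> intermediate -> leaf.
make_pki() {
    (
        cd "$1"
        printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj '/CN=Constructed Root CA' -keyout root.key -out root.pem
        openssl req -newkey rsa:2048 -nodes \
            -subj '/CN=Constructed Intermediate CA' -keyout int.key -out int.csr
        openssl x509 -req -in int.csr -CA root.pem -CAkey root.key \
            -CAcreateserial -extfile ca.ext -days 2 -out int.pem
        openssl req -newkey rsa:2048 -nodes \
            -subj '/CN=leaf.example.test' -keyout leaf.key -out leaf.csr
        openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key \
            -CAcreateserial -days 2 -out leaf.pem
    ) >/dev/null 2>&1
}

# Baseline: self-signed root is trusted, intermediate is supplied untrusted.
verify_full() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
        "$1/leaf.pem" 2>&1 | grep -q ': OK$'
}

# Only the intermediate is trusted; default rules still demand a chain
# that ends in a self-signed trust anchor, so this is rejected.
verify_strict() {
    openssl verify -CAfile "$1/int.pem" "$1/leaf.pem" 2>&1 | grep -q ': OK$'
}

# Same trust store, but the chain may stop at any trusted certificate.
verify_partial() {
    openssl verify -partial_chain -CAfile "$1/int.pem" \
        "$1/leaf.pem" 2>&1 | grep -q ': OK$'
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_pki "$WORK"
for mode in full strict partial; do
    if "verify_$mode" "$WORK"; then
        echo "$mode: accepted"
    else
        echo "$mode: rejected"
    fi
done
```

With partial-chain verification the certificates above the trusted one are never examined, so the option should be enabled as a deliberate trust decision and not as a way to silence a verification error.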