curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Running int to "SSL certificate problem: self signed certificate in certificate chain" error on http trasnfers

From: Jeffrey Walton via curl-users <>
Date: Thu, 11 Mar 2021 14:21:03 -0500

On Thu, Mar 11, 2021 at 10:32 AM Daniel Stenberg via curl-users
<> wrote:
> On Wed, 10 Mar 2021, kent williams via curl-users wrote:
> > I started building the libcurl release from source for a project because we
> > needed features not in the RHEL7 libcurl (7.29.0),
> >
> > But it's failing with an error message:
> > "SSL certificate problem: self signed certificate in certificate chain"
> >
> > The system library versions (Red Hat 7 has libcurl version 7.29.0, Red Hat 8
> > 7.61.1) doesn't have this problem.
> Presumbably those builds either use a different TLS library or another CA
> store, or both.

I believe Red Hat uses the GnuTLS backend.

GnuTLS applies the equivalent of OpenSSL's X509_V_FLAG_PARTIAL_CHAIN
flag. Or more correctly, the logic is baked in and does not require a

X509_V_FLAG_PARTIAL_CHAIN allows trust to be rooted in any
certificate, and not just a root CA.

Received on 2021-03-11