cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

[Solved] Re: CA Bundle problem

From: Devel <dev002_at_pas-world.com>
Date: Thu, 10 Mar 2011 15:16:09 +0100

El mar, 08-03-2011 a las 13:37 +0100, Daniel Stenberg escribió:
> On Tue, 8 Mar 2011, Devel wrote:
>
> > [root_at_mail apache]# openssl s_client -CAfile /etc/pki/tls/cert.pem -host
> > www.paypal.com -port 443
>
> ... OpenSSL can verify that host using that ca bundle.
>
> > [root_at_mail apache]# curl -v --cacert /etc/pki/tls/cert.pem
> > * Initializing NSS with certpath: /etc/pki/nssdb
> > * Peer certificate cannot be authenticated with known CA certificates
>
> ... NSS fails to verify that host. This shows curl was built to use NSS for
> the SSL stuff and not OpenSSL.
>
> > Where is the problem?
>
> First, as you're using the curl command line tool and not PHP I think the
> curl-users list might be a better place to discuss your problem.
>
> Then, you're leaving out a busload of info that we need: what Linux distro is
> this? Did you build libcurl yourself or use one from your distro?
>

Solved:

NSS does not support some OID that Openssl can use and crash.
Problem is in .../tls/ca-bundle.crt

-- 
Ordenadores, componentes y software: http://www.1pc.es/
Sistemas IT: http://www.precioventa.com/
_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php

Received on 2011-03-10

This message: [ Message body ]
Next message: Yanet Ruiz: "Me gustaría seguir en contacto contigo en Facebook"
Previous message: Devel: "Re: CA Bundle problem"
In reply to: Daniel Stenberg: "Re: CA Bundle problem"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]