cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: SSL connections and authenticity

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 11 Nov 2002 22:55:17 +0100 (MET)

On Sat, 9 Nov 2002, Dan Wood wrote:

> I'm trying to verify that my use of libcurl can handle SSL -- and without
> any fanfare, I'm able to connect to test sites like
>
> https://www.stanford.edu/group/idg/leland/samples/secure/test.html
>
> and I just get the page contents, no big deal.
>
> However, I notice that another test site
> <https://www.fortify.net/sslcheck.html> presents an error message:
>
> SSL: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> So I *think* that everything is OK, that SSL is fully working, and it's
> paying attention to certificates. I'm not terribly familiar with these
> kinds of issues, so can anybody who *is* verify that everything is as
> expected? Any other ways that I can test that SSL is working properly?

I'm guessing that you're using libcurl 7.10 or later and therefore you're
seeing this error when the remote certificate isn't possible to verify using
the default CA cert bundle that gets installed with curl. This behavior is
modified since libcurl 7.9.X.

Instead, you must now 1) provide your own CA cert bundle or 2) tell libcurl
to _not_ verify the server's certificate:

 1. curl_easy_setopt(curl, CURLOPT_CAPATH, capath)

 2. curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);

This is more or less what is stated in the file named UPGRADE in 7.10[.X]
release archives. I'll use a better name for the next release. The UPGRADE
document is available online here:

        http://curl.haxx.se/lxr/source/UPGRADE

-- 
 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
Received on 2002-11-11