cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: HTTPS returns nothing

From: WL Reyes- Bruce <wlrbruce_at_lucent.com>
Date: Wed, 05 Mar 2003 17:22:34 -0500

Daniel:

Thanks for the quick response. I have added a check for the response
from curl_easy_perform and it returns a 51, which I guess means:
         CURLE_SSL_PEER_CERTIFICATE, /* 51 - peer's certificate wasn't ok */

Also I have setup the VERBOSE option which I did not have before and
this is what I get:

* About to connect() to 135.92.36.30:443
* Connected to 135.92.36.30 (135.92.36.30) port 443
* SSL connection using EDH-RSA-DES-CBC3-SHA
* Server certificate:
* subject: /C=US/ST=New
Jersey/L=Middletown/O=csl.com/OU=sage/CN=dbsage.n
wos.lucent.com/Email=wlrbruce_at_lucent.com
* start date: 2001-08-10 18:26:25 GMT
* expire date: 2003-07-31 04:00:00 GMT
* Closing connection #0

I know I am missing something, but it is not clear to me at this point.
Here are the options that I am setting:

> curl_global_init(CURL_GLOBAL_ALL);
> curl = curl_easy_init();
> curl_easy_setopt(curl, CURLOPT_VERBOSE, TRUE);
> curl_easy_setopt(curl, CURLOPT_HEADER, TRUE);
> curl_easy_setopt(curl, CURLOPT_USERPWD, udata);
> curl_easy_setopt(curl, CURLOPT_POSTFIELDS, rdata);
> curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
> curl_easy_setopt(curl, CURLOPT_URL, rurl);
> curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, set_rules_response);
> curl_easy_setopt(curl, CURLOPT_FILE, (void *)&chunk);
> res = curl_easy_perform(curl);
> curl_easy_cleanup(curl);
> curl_global_cleanup();

I also tried setting 'curl_easy_setopt(curl,
CURLOPT_CAINFO,"/tmp/ca.pem"), where ca.pem is a server certificate file
for the server that I am pointing to. I only want HTTPS without client
certificates. The target server uses its own certificate and therefore
not included in the bundle you provide. But even turning the PEER check
off is not working. Ideally, I would like to be able to do the server
verification part, if I can get it to work. The target server creates
its own certificates, so it is its own CA. When I use the CURLOPT_CAINFO
option, I get the same response (and curl_easy_perform returns a 51):

* About to connect() to 135.92.36.30:443
* Connected to 135.92.36.30 (135.92.36.30) port 443
* SSL connection using EDH-RSA-DES-CBC3-SHA
* Server certificate:
* subject: /C=US/ST=New
Jersey/L=Middletown/O=csl.com/OU=sage/CN=dbsage.n
wos.lucent.com/Email=wlrbruce_at_lucent.com
* start date: 2001-08-10 18:26:25 GMT
* expire date: 2003-07-31 04:00:00 GMT
* Closing connection #0

I really hope you can help me with this, I have been trying different
things for the last 3 days.

Thanks for your time,

Daniel Stenberg wrote:
>
> On Wed, 5 Mar 2003, WL Reyes- Bruce wrote:
>
> > I downloaded libcurl last week to send HTTPS requests from within a C
> > program. I am not getting a response back. I have already tried the
> > steps suggested in
> > http://curl.haxx.se/lxr/source/SSLCERTS.
>
> Just as a note to the general public, this info is now found on the more
> proper URL:
>
> http://curl.haxx.se/docs/sslcerts.html
>
> > and I still get no response.
>
> No response, CURLOPT_VERBOSE says absolutely nothing and curl_easy_perform()
> returns CURLE_OK ?
>
> > I am using Solaris 8 and the latest curl version 7.10.3. I am able to use
> > the command line 'curl' command and I do get a response that way. I would
> > like to use libcurl if possible, instead of having to call the command from
> > within C.
>
> Then you probably just lack an option that the curl tool sets. What options
> do you use with curl to make it work?
>
> --
> Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger
> for complex code. Debugging C/C++ programs can leave you feeling lost and
> disoriented. TotalView can help you find your way. Available on major UNIX
> and Linux platforms. Try it free. www.etnus.com

-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger
for complex code. Debugging C/C++ programs can leave you feeling lost and
disoriented. TotalView can help you find your way. Available on major UNIX
and Linux platforms. Try it free. www.etnus.com
Received on 2003-03-05