curl-library
Re: CURLOPT_SSL_VERIFYPEER without CURLOPT_CAINFO?
Date: Thu, 02 Mar 2006 14:57:29 +0100
Daniel Stenberg schrieb:
> On Thu, 2 Mar 2006, Sebastian Brückner wrote:
>
>> As the next step I would like to avoid using CURLOPT_CAINFO altogether
>> to make working without any external configuration files possible. Any
>> hints on how to achieve that?
>
> Is this a self-signed certificate? If so, why do you need the cacert file?
I shouldn't need it. I use the root certificate of my own CA created
only for this application.
> I believe you might need the cacert file only if you need certs from the
> "chain" as then the "built-in" cacert alone is not enough to verify the
> cert.
As far as I can see the certificate itself is not the problem. Since I
insert it directly using OpenSSL functions curl probably doesn't even
know its there. That might be the problem: I guess curl assumes that for
CURLOPT_VERIFYPEER to work it needs certificates and with an invalid
CURLOPT_CAINFO I don't give any (from curl's point of view)...
(I will have a look at the source, maybe that clears things up a bit)
I know nothing about built-in certificates. I just assumed that the
built-in certificates are in the file specified by CURLOPT_CAINFO by
default (that is /usr/local/share/curl/curl-ca-bundle.crt for me). So if
I specify a different (or even none as I would like to do) path they
shouldn't be used.
The message is (if I don't change CURLOPT_CAINFO):
error setting certificate verify locations:
CAfile: /usr/local/share/curl/curl-ca-bundle.crt
CApath: none
Sebastian
Received on 2006-03-02