curl-library

splitting CURLE_SSL_CACERT error cases (Re: regarding https and libcurl)

From: Armel Asselin <asselin.armel_at_wanadoo.fr>
Date: Sun, 8 Oct 2006 11:30:48 +0200

>> I set up an https webserver with a keystore generated using keytool. When
>> I tried to get a web page through libcurl it is returning error code 60.
>> If CURLOPT_VERIFY_SSLPEER option is set false I am able to get the page.
>> But when I set it to TRUE and gave CURLOPT_CAINFO as the cacert.pem which
>> I used for generating the keystore. But still it is giving error code 60.
>
> It means that either that cert can't be verified by your CA cert or that
> the host name in the server's cert doesn't match the host name you access
> with libcurl.

Recently I fell on this error (i.e. CURLE_SSL_CACERT). The problem is that,
IMHO, it encompasses too many cases: missing or invalid cert file, good file
but no possible validation of server certificate...
Would it be acceptable to split this error into two or three smaller ones?
It's not easy at all for a user to understand the real cause because of this
mix. So there would be, for example:

CURLE_SSL_CACERT_MISSING: missing CACERT file
CURLE_SSL_CACERT_INVALID: file present but invalid
CURLE_SSL_CACERT: target SSL certificate not acceptable

Regards
Armel
Received on 2006-10-08
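
An added example, not part of the original mail and not libcurl code: a pre-flight check on the file passed as CURLOPT_CAINFO that separates the first two cases listed in the mail (file missing, file present but invalid) from a genuine verification failure. The enum names and `check_ca_file` are hypothetical, and "invalid" is assumed here to mean "contains no complete PEM certificate block"; the check is structural only.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical labels mirroring the proposed split; not libcurl codes. */
typedef enum {
    CA_FILE_OK = 0,   /* at least one complete PEM certificate block */
    CA_FILE_MISSING,  /* path cannot be opened (absent or unreadable) */
    CA_FILE_INVALID   /* opened, but no complete PEM certificate block */
} ca_file_status;

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Structural check only: the base64 body is not decoded and no chain is
   built, so CA_FILE_OK does not mean the server certificate will verify. */
ca_file_status check_ca_file(const char *path)
{
    char line[256];
    int in_block = 0, body_lines = 0, complete = 0;
    FILE *fp = fopen(path, "r");

    if (!fp)
        return CA_FILE_MISSING;

    while (fgets(line, sizeof line, fp)) {
        line[strcspn(line, "\r\n")] = '\0';   /* strip LF or CRLF */
        if (strcmp(line, PEM_BEGIN) == 0) {
            in_block = 1;
            body_lines = 0;
        } else if (strcmp(line, PEM_END) == 0) {
            if (in_block && body_lines > 0)
                complete++;
            in_block = 0;
        } else if (in_block && line[0] != '\0') {
            body_lines++;
        }
    }
    fclose(fp);
    return complete > 0 ? CA_FILE_OK : CA_FILE_INVALID;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "ok", "missing", "invalid" };
    if (argc < 2) { fprintf(stderr, "usage: %s cacert.pem\n", argv[0]); return 2; }
    ca_file_status s = check_ca_file(argv[1]);
    printf("%s: %s\n", argv[1], names[s]);
    return (int)s;
}
```

If the file passes this check and the transfer still returns error code 60, the remaining causes are the ones named in the quoted reply: the certificate cannot be verified by that CA cert, or the host name does not match.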