cURL / Mailing Lists / curl-library / Single Mail

curl-library

'unable to use client certificate...' is inconsistent across executables

From: Cary Fitzhugh <cfitzhugh_at_anystream.com>
Date: Mon, 5 Mar 2007 14:08:20 -0500

Hello,

I have a product which is trying to use curl to get/post etc to an https
site.

I was unable to get it to work - the error is:

* About to connect() to localhost port 8010 (#0)

* Trying 127.0.0.1... * connected

* Connected to localhost (127.0.0.1) port 8010 (#0)

* unable to use client certificate (no key found or wrong pass phrase?)

* Closing connection #0

* problem with the local SSL certificate

Now, if I curl from the command line, it works.

Curl -k -E ../opt/config/device.pem https://localhost:8010/device/abc

So I figured it was something in my setup of libcurl.

To test that I modified the simplessl.c file and it's contents are at
the end of this email.

My problem now becomes more difficult because the simplessl-mutant works
fine.

When I spliced that code directly into my product, my product still
fails with the error above about being unable to use the client
certificate..

They use the same .pem and .crt files, and have the same relative paths
to the files.

The two executables run on the same machine under cygwin.

As far as I can tell there are no ssl or curl calls before my spliced-in
code.

Any ideas what would cause two executables with the same parameters to
allow a certificate in one place and not in another?

Thanks for any suggestions...

Cary FitzHugh

**** SimpleSSL.c - Mutant ****

int main(int argc, char **argv)

{

CURL *curl;

CURLcode res;

const char *pCertFile = argv[1];

const char *pCACertFile= argv[2];

const char *pKeyName;

const char *pKeyType;

curl_global_init(CURL_GLOBAL_DEFAULT);

curl = curl_easy_init();

if(curl) {

printf("pem file: %s\nCAFile: %s\n", argv[1], argv[2]);

curl_easy_setopt(curl, CURLOPT_URL, argv[3]);

curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);

curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM");

curl_easy_setopt(curl,CURLOPT_SSLCERT,pCertFile);

curl_easy_setopt(curl,CURLOPT_CAINFO,pCACertFile);

curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,0);

curl_easy_setopt(curl,CURLOPT_SSL_VERIFYHOST,1);

curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);

res = curl_easy_perform(curl);

curl_easy_cleanup(curl);

}

curl_global_cleanup();

return 0;

}
Received on 2007-03-05

This message: [ Message body ]
Next message: Robert (Bob) A. Monat: "Re: VC8 Makefiles"
Previous message: Dan Fandrich: "Re: R: Request denied by WatchGuard HTTP proxy"
Next in thread: Cary Fitzhugh: "RE: 'unable to use client certificate...' is inconsistent across executables"
Reply: Cary Fitzhugh: "RE: 'unable to use client certificate...' is inconsistent across executables"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]