cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: 'unable to use client certificate...' is inconsistent across executables

From: Cary Fitzhugh <cfitzhugh_at_anystream.com>
Date: Mon, 5 Mar 2007 17:02:55 -0500

Sorry all - there is no problem. Some obscure makefile issue prevented
that particular file from recompiling.

Causing my utter confusion.

 

Thanks,

Cary FitzHugh

 

________________________________

From: Cary Fitzhugh
Sent: Monday, March 05, 2007 2:08 PM
To: curl-library_at_cool.haxx.se
Cc: Cary Fitzhugh
Subject: 'unable to use client certificate...' is inconsistent across
executables

 

Hello,

 

I have a product which is trying to use curl to get/post etc to an https
site.

I was unable to get it to work - the error is:

 

* About to connect() to localhost port 8010 (#0)

* Trying 127.0.0.1... * connected

* Connected to localhost (127.0.0.1) port 8010 (#0)

* unable to use client certificate (no key found or wrong pass phrase?)

* Closing connection #0

* problem with the local SSL certificate

 

Now, if I curl from the command line, it works.

Curl -k -E ../opt/config/device.pem https://localhost:8010/device/abc

 

So I figured it was something in my setup of libcurl.

To test that I modified the simplessl.c file and it's contents are at
the end of this email.

 

My problem now becomes more difficult because the simplessl-mutant works
fine.

When I spliced that code directly into my product, my product still
fails with the error above about being unable to use the client
certificate..

 

They use the same .pem and .crt files, and have the same relative paths
to the files.

The two executables run on the same machine under cygwin.

As far as I can tell there are no ssl or curl calls before my spliced-in
code.

 

Any ideas what would cause two executables with the same parameters to
allow a certificate in one place and not in another?

 

Thanks for any suggestions...

Cary FitzHugh

 

 

**** SimpleSSL.c - Mutant ****

int main(int argc, char **argv)

 {

   CURL *curl;

   CURLcode res;

   

  

   const char *pCertFile = argv[1];

   const char *pCACertFile= argv[2];

 

   const char *pKeyName;

   const char *pKeyType;

 

   curl_global_init(CURL_GLOBAL_DEFAULT);

 

   curl = curl_easy_init();

   if(curl) {

     printf("pem file: %s\nCAFile: %s\n", argv[1], argv[2]);

 

     curl_easy_setopt(curl, CURLOPT_URL, argv[3]);

     curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);

     curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM");

     curl_easy_setopt(curl,CURLOPT_SSLCERT,pCertFile);

     curl_easy_setopt(curl,CURLOPT_CAINFO,pCACertFile);

     curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,0);

     curl_easy_setopt(curl,CURLOPT_SSL_VERIFYHOST,1);

     curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);

 

     res = curl_easy_perform(curl);

 

     curl_easy_cleanup(curl);

   }

 

   curl_global_cleanup();

 

   return 0;

}
Received on 2007-03-05