On Sat, 20 Feb 2010, John Zadeh wrote:

> I am having problems trying to connect a secure site from libcurl (v
> 7.15.1).

7.15.1 is *VERY* old and suffers from many bugs and problems.

> The connection establishes fine from the command line (using:
> Curl --cacert cacert.pem https://www.site.com).

With a modern curl version you can use --libcurl to get an initial libcurl
code to work from. It would've helped you from doing these basic mistakes. See
below.

> And using this same code, I have connected to unsecure sites without
> problem. Unfortunately, I am not getting any feedback as to what is going
> on either

... but you're not checking the return code from curl_easy_perform() which is
the single most important information provider, and other good idea is to use
the CURLOPT_ERRORBUFFER in combination.

> curl_easy_setopt(curl,CURLOPT_CAPATH, "C:\testprog");

Is that really the path to a dir with ca-certs and their hashes?

> curl_easy_setopt(curl,CURLOPT_SSLCERT, "cacert.pem");

This specifies a client cert, and your curl example used none.

> curl_easy_setopt(curl,CURLOPT_CAINFO, "cacert.pem");

Your use of this seems to indicate that your CURLOPT_CAPATH use above was
wrong.

> curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER , 1);
> curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST , 1);

I advice against CURLOPT_SSL_VERIFYHOST to anything but 2 (which is default)
since you won't get properly secure HTTPS otherwise.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html