cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: axTLS patch set

From: Hu, Eric <EHu_at_directv.com>
Date: Wed, 12 Jan 2011 11:23:43 -0700

> Functionality wise, axTLS doesn't like my ca cert bundle so whatever
> site I
> try I can't get axTLS to play with me. See below, but the exact site
> doesn't
> seem to matter:
>
> $ ./src/curl https://www.sf.net/ -1 -v -k
> * About to connect() to www.sf.net port 443 (#0)
> * Trying 216.34.181.60... connected
> * Connected to www.sf.net (216.34.181.60) port 443 (#0)
> Error: Invalid X509 ASN.1 file
> * error reading ca cert file /etc/ssl/certs/ca-certificates.crt
> * Curl_axtls_close
> Error: No trusted cert is available
> * Closing connection #0
> * Curl_axtls_close
> * Curl_axtls_close
> * Curl_axtls_close
> * SSL peer certificate or SSH remote key was not OK
> curl: (51) SSL peer certificate or SSH remote key was not OK
> * Curl_axtls_close_all
>
> (The ca cert is the one Debian unstable ships and it should be fine as
> it
> works with OpenSSL and GnuTLS etc.)
>
I don't know that we ever sorted out the exact problem you were encountering. However, axTLS version 1.3.1 has improved cert bundle handling, so give it a try and let us know how it goes.

Thanks,
Eric

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-01-12