cURL / Mailing Lists / curl-library / Single Mail

curl-library

cert files

From: Perry Smith <pedzsan_at_gmail.com>
Date: Mon, 17 Oct 2011 16:00:56 -0500

Hi,

I feel silly asking this question but I really have looked through Google and also the code. I'm not sure if this is a curl, libcurl, or openssl question.

If I'm on my Mac and I do a curl request to an https site, it goes off and happily does the request. Somewhere it has a stash of certificates (I'm not 100% sure that is the right term).

If I do the same question on my AIX machine it gives me the message.

> curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> More details here: http://curl.haxx.se/docs/sslcerts.html
>
> curl performs SSL certificate verification by default, using a "bundle"
> of Certificate Authority (CA) public keys (CA certs). The default
> bundle is named curl-ca-bundle.crt; you can specify an alternate file
> using the --cacert option.
> If this HTTPS server uses a certificate signed by a CA represented in
> the bundle, the certificate verification probably failed due to a
> problem with the certificate (it might be expired, or the name might
> not match the domain name in the URL).
> If you'd like to turn off curl's verification of the certificate, use
> the -k (or --insecure) option.

I hope its ok for me to paste this here. On the Mac, I do:

curl -O https://rvm.beginrescueend.com/releases/stable-version.txt

and it works. If I do that on my AIX machine, I get the above message. I downloaded the cacert.pem file and if I do:

curl --cacert /tmp/cacert.pem https://rvm.beginrescueend.com/releases/stable-version.txt

on my AIX machine, it works. But my question is, where can I store the cacert,perm file so that curl, or libcurl, or openssl can find it automatically.

I know about the various environment variables, etc but it should would be nice if I could just store it somewhere. I see on Windows, I can do this in 5 different locations but I can't find the equivalent for a Unix machine.

There are comments about compile time options which is what I assume Apple did but I can't piece the puzzle together.

The mac has 7.21.4. The AIX host has either 7.18.2 or 7.22.0 (depending upon which host I use).

Thank you for your help,
pedz

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-10-17

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Using CURLOPT_CONNECT_ONLY option in multi interface"
Previous message: Andy Tai: "Re: a small patch for hostip6.c"
Next in thread: Jeff Pohlmeyer: "Re: cert files"
Reply: Jeff Pohlmeyer: "Re: cert files"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]