curl-library

RE: OS400 Libcurl port

From: Patrick Monnerat <Patrick.Monnerat_at_datasphere.ch>
Date: Wed, 16 Nov 2011 12:33:22 +0100

Adam Taylor wrote:

> I know this is probably a question that should probably be
> directed towards the libcurl mailing lists, but as it seems
> like you're the only person who's put work into developing
> the libcurl port to OS400, I wanted to try asking you
> directly. If you'd prefer I toss this out on the list, let
> me know and I'll happily do so. In my experience OS400/IBM
> i OS questions tend to get lost in open source projects
> like these due to the relative obscurity of the platform.

Yes, please use the list for libcurl-related questions: I'm not an OS400
guy, just an opensource guy who knows a bit of OS400!
In addition, you'll benefit from the experience of other people, it'll help
form a community and the answers there will be archived, thus helping
other people having the same problem in the future.
And no, your question won't be buried there just because you use an odd
platform: libcurl is supported on other "seldom" platforms: see
http://curl.haxx.se/docs/install.html.

> I was curious if you had any RPG code written that implements
> libcurl functions.

Libcurl and its OS400 wrappers are written in C. The RPG binding
consists only of a /copy source member with only declarations in it (no
code).
There's no public RPG example of libcurl use, but the C examples
(http://curl.haxx.se/libcurl/c/example.html) can be taken as logic
models: the translation to RPG should be straightforward.

> Specifically, I'm having trouble attempting HTTPS communication
> using an externally specified certificate store (.kdb file in
> the IFS). I'm able to make it work properly if I use the normal
> *SYSTEM certificate store, but a .kdb store in the IFS continually
> returns "Peer certificate cannot be authenticated with given
> CA certificates" and a CURLCode of 60. I've read through the
> OS400 port README that's included, but I feel as though I may be
> missing one of the CURL options which should be set to allow this
> to work properly. I've verified that the KDB file contains all
> certificates necessary to properly communicate via HTTPS to this
> specific endpoint using another method, so I don't believe the KDB
> file to be at fault - unless it needs to be constructed differently
> for libcurl consumption.

> Currently I'm specifying the full path to the .kdb file in the
> IFS for the following libcurl options: CURLOPT_CAINFO,
> CURLOPT_SSLCERT, and I'm specifying the password for the kdb
> file for option CURLOPT_CAINFO.

I've just tested (on V6R1) an alternate certificate store and it works
perfectly. I don't know about your PKI, but I have to say I did not
test with a client certificate (anyway, the error you mention is about
the server certificate).

The only causes I can imagine are:
- Insufficient or incorrect certificates in store (but you say they're
OK!)
- Incorrect certificate store file path.
- Character code problem: please check that you use
curl_easy_setopt_ccsid() with the appropriate CCSID for the string
options.
- Permissions on the certificate store file.

The code in my test program is:
  curl_easy_setopt_ccsid(hcurl: CURLOPT_CAINFO:
                         '/path/to/certstore.kdb': my_source_ccsid);
  curl_easy_setopt_ccsid(hcurl: CURLOPT_KEYPASSWD:
                         'mypassword': my_source_ccsid);

Regards,
Patrick

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-11-16
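
Added example (not part of the original mail and not libcurl code): a small C pre-flight check covering three of the causes listed above before a store path is handed to CURLOPT_CAINFO: a path still encoded in an EBCDIC CCSID, a wrong path, and missing read permission. The names check_store_path and store_status are hypothetical, the EBCDIC bytes are a constructed sample, and the check assumes the converted path should contain only printable ASCII.

```c
/* Added example: pre-flight checks for a certificate store path. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

typedef enum {
    STORE_OK, STORE_BAD_ENCODING, STORE_MISSING, STORE_NOT_FILE, STORE_UNREADABLE
} store_status;

/* Constructed sample: "/path/to/certstore.kdb" as EBCDIC (CCSID 37) bytes,
   i.e. what an ASCII-expecting API sees when no conversion was done. */
static const char ebcdic_sample[] =
    "\x61\x97\x81\xA3\x88\x61\xA3\x96\x61\x83\x85\x99\xA3\xA2\xA3\x96\x99\x85\x4B\x92\x84\x82";

/* Assumption: a correctly converted path is printable ASCII only. */
static int is_plain_ascii(const char *s)
{
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (c < 0x20 || c > 0x7E) return 0;
    }
    return 1;
}

store_status check_store_path(const char *path)
{
    struct stat st;
    if (!is_plain_ascii(path)) return STORE_BAD_ENCODING;   /* character code problem */
    if (stat(path, &st) != 0) return STORE_MISSING;         /* wrong or unreachable path */
    if (!S_ISREG(st.st_mode)) return STORE_NOT_FILE;        /* e.g. a directory */
    if (access(path, R_OK) != 0) return STORE_UNREADABLE;   /* permissions */
    return STORE_OK;
}

const char *store_status_text(store_status s)
{
    static const char *const text[] = {
        "ok", "path is not plain ASCII (check the CCSID)", "path not found",
        "not a regular file", "not readable by this user"
    };
    return text[s];
}

int main(int argc, char **argv)
{
    /* With no argument, run against the constructed EBCDIC sample. */
    const char *path = argc > 1 ? argv[1] : ebcdic_sample;
    store_status s = check_store_path(path);
    printf("%s\n", store_status_text(s));
    return s == STORE_OK ? 0 : 1;
}
```

A STORE_OK result only rules out these three causes; the contents of the store (the first cause in the list) still have to be checked separately.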