cURL / Mailing Lists / curl-library / Single Mail

curl-library

SSL Connection Issue (from QNX Platform)

From: Sidde Gowda <engowdre_at_hotmail.com>
Date: Wed, 5 Sep 2012 00:21:04 +0000

Hi All

I am not using default CA bunlde. But when I try to fetch a file from https connection, I am seeing error

* connected
* Connected to 172.17.0.11 (172.17.0.11) port 8443 (#0)
* unable to use client certificate (no key found or wrong pass phrase?)
* Closing connection #0
* Problem with the local SSL certificate

Basically, I have a CA server which has a crl file. I need to download it. Do I necessarily use client certificate? If yes, what option should I use?

Currently, I have a cacert.pem and server_cert.crt and my settings are like this:

    if (sslflag) {
        /* Transport Layer Security (TLS) for https service */
        curl_rc = curl_easy_setopt(curl, CURLOPT_USE_SSL, (long)CURLUSESSL_ALL);
        /* ASSERT_CLASS_LOGICAL */
        nv_assert(curl_rc == CURLE_OK, "USE_SSL failed %d", curl_rc);

        curl_rc = curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER, 1L);
        /* ASSERT_CLASS_LOGICAL */
        nv_assert(curl_rc == CURLE_OK, "VERIFYPEER failed %d", curl_rc);

        curl_rc = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1L);
        /* ASSERT_CLASS_LOGICAL */
        nv_assert(curl_rc == CURLE_OK, "VERIFYHOST failed %d", curl_rc);

        curl_rc = curl_easy_setopt(curl, CURLOPT_CAINFO, msg->frm_ca_cert);
        /* ASSERT_CLASS_LOGICAL */
        nv_assert(curl_rc == CURLE_OK, "CAINFO failed %d", curl_rc);

        curl_rc = curl_easy_setopt(curl, CURLOPT_SSLCERT, msg->frm_server_cert);
        /* ASSERT_CLASS_LOGICAL */
        nv_assert(curl_rc == CURLE_OK, "SSLCERT failed %d", curl_rc);

        curl_rc = curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE, "PEM");
        /* ASSERT_CLASS_LOGICAL */
        nv_assert(curl_rc == CURLE_OK, "SSLCERTTYPE failed %d", curl_rc);

        curl_rc = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION,
                                   http_curl_ssl_ctx);
        /* ASSERT_CLASS_LOGICAL */
        nv_assert(curl_rc == CURLE_OK, "CTX_FUNCTION failed %d", curl_rc);

        curl_rc = curl_easy_setopt(curl, CURLOPT_SSL_CTX_DATA, NULL);
        /* ASSERT_CLASS_LOGICAL */
        nv_assert(curl_rc == CURLE_OK, "CTX_DATA failed %d", curl_rc);
    }

Any help would be grateful.

Regards
Sidde

                                               

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-09-05