cURL / Mailing Lists / curl-library / Single Mail


Re: SSL failed with curl for self signed certs

From: Oscar Koeroo <>
Date: Thu, 11 Oct 2012 09:38:14 +0200

On 11-10-12 07:16, bala suru wrote:
> Hi,
> I have converted my certificates which are DER form to PEM using below
> openssl command
> *
> openssl x509 -in root.x509 -inform DER -out root.crt -outform PEM
> *
> And try to excute the curl client with error buffer set , I get the below
> error while doing
> *223: SSL: couldn't get X509-subject!
> curl_easy_perform() failed: SSL connect error error no is 35 .*
> **
> I checked my cert with
> *openssl x509 -in root.crt -inform PEM -noout -text *
> **
> and it shows that certificate does not have subject .
> **
> Now is it mandatory to have the certificate with subject ..
> How to display this at curl part ..?


with the verbose options I can typically figure out what is going on with
(lib)curl failing.

According to RFC 5280[1] section " Subject" the subject is required
to be set if we're working with a CA. This might be the probable cause of
the failure. For normal certificates you can either use Subject or
SubjectAltNames or both.

I think you are using a CA certificate as a host certificate and libcurl
expects either the subjectaltname or subject name to be set.

Depending upon your choices you can:
- Create a new certificate, and make sure there is a subject
- (unsure solution) Add a subjectaltname to your (CA) certificate
- (unsure solution) Disable host name verification in (lib)curl



List admin:
Received on 2012-10-11