cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: cert verification problem on curl handle re-use

From: Michael Barton <mike_at_weirdlooking.com>
Date: Wed, 23 Jan 2013 04:59:50 -0600

On Jan 22, 2013, at 3:45 PM, Daniel Stenberg wrote:

> If you truly want to find the problem or perhaps the subsequent fix in curl, then I'd recommend building a more modern version from source and see if it works with the same OpenSSL version. Then bisect your way back to the breakage.

Good idea.

"curl_easy_reset() now resets the CA bundle path correctly"
e5adab39b165baa3f3f8d7222573f46d54e30771

Sounds right. And if I manually set CURLOPT_CAINFO after a curl_easy_reset, it starts working.

Unfortunately, there doesn't seem to be any way to get at the cert file curl should be using. I may just detect that specific version of libcurl and set the CAINFO to "/etc/pki/tls/certs/ca-bundle.crt" and hope for the best.

> Personally I'm not able to bother about bugs in very old curl releases.

Understandable. I was just hoping it was a known problem with a workaround, since RHEL/CentOS 5 is still widely deployed (apparently by a bunch of my users).

- Mike

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-01-23