curl-library
Re: curl_easy_perform() fails with "Problem with the SSL CA cert (path? access rights?)" after first time calling this routine
Date: Thu, 14 Mar 2013 16:53:26 -0400
Hi Dan,
Thanks for the suggestion.
I made some enhancements:
1. I use CURLOPT_CAINFO to specify the CA Certificate.
2. upgrade libcurl to the latest version
[root_at_l2se0132 bin]# curl -V
curl 7.29.0 (x86_64-unknown-linux-gnu) libcurl/7.29.0 OpenSSL/1.0.0
zlib/1.2.3 c-ares/1.9.1 libidn/1.18 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3
pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz
3. use CURLOPT_VERBOSE and CURLOPT_STDERR to set the verbose output to a file.
After all these changes, I am getting the following error from the output file:
[root_at_l2se0132 bin]# more /debug1.txt
* About to connect() to l2se0060.lss.emc.com port 8443 (#0)
* Trying 10.247.73.60...
* Connected to l2se0060.lss.emc.com (10.247.73.60) port 8443 (#0)
* successfully set certificate verify locations:
* CAfile: /usr/temp/cert.pem
CApath: none
* error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small
* Closing connection 0
Any thoughts on this error "Diffie-Hellman routines:GENERATE_KEY:key size too small"?
Thanks!
From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sun, 10 Mar 2013 14:36:42 +0100 (CET)
On Sun, 10 Mar 2013, cnm marketing wrote:
> I'll appreciate it very much if anyone in the team can resolve this issue.
> I believe it is a bug in libcurl:
>
> Here is the information:
>
> Platform: 64bit Red Hat Enterprise Linux Server release 6.1
> libcurl version: curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.9.0
> zlib/1.2.3 libidn/1.18 libssh2/1.2.2
We've done 591 documented bug fixes since 7.19.7. We will appreciate it if you
retry your case with a modern libcurl version to see if we've already fixed
your issue or not.
> 1. we dynamically load libcurl routines by using dlopen() and dlsym(), see
> code below
Why are you doing that? It is a great recipe for pain and suffering...
> 2. we call a set of libcurl routines, setopt CURLOPT_SSL_VERIFYPEER and
> CURLOPT_SSL_VERIFYHOST to 0L
> 3. it fails with "Problem with the SSL CA cert (path? access rights?)"
> after the 1st call to httpPostData() routine (see code below).
What return code is that? CURLE_SSL_CACERT?
> 4. We don't/cannot use curl_global_init() because our code is thread-safe,
> and it crashes if we use this routine.
Eeeek. This is a sign of badness. If you don't call curl_global_init(),
libcurl will call it by itself automatically so there's no way to avoid having
it called!
-- / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-03-14
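
The OpenSSL error line in the verbose log above (`error:0506706E:...`) can be split into its packed fields to see which layer raised it; here the library field is 5 (Diffie-Hellman), not the X.509 or SSL library, so it is a different failure from the CA-file error in the subject line. This is an added example, not code from the thread or from the curl project. It assumes the OpenSSL 1.0.x packed error layout (8 bits library, 12 bits function, 12 bits reason); the struct, the function names and the short library table are made up for illustration, and only the Diffie-Hellman entry of that table appears on this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One OpenSSL error-queue line: error:<8 hex digits>:<lib>:<func>:<reason> */
struct ossl_err {
    unsigned long code;
    int lib, func, reason;                 /* unpacked from code */
    char lib_s[64], func_s[64], reason_s[96];
};

/* Subset of OpenSSL 1.0.x library numbers and their log strings
 * (illustrative table; only the 0x05 entry is shown on the page). */
static const char *lib_name(int lib) {
    switch (lib) {
    case 0x04: return "rsa routines";
    case 0x05: return "Diffie-Hellman routines";
    case 0x0B: return "x509 certificate routines";
    case 0x14: return "SSL routines";
    default:   return NULL;
    }
}

/* Parse a line from curl's verbose output. Returns 0 on success,
 * -1 if the line carries no well-formed OpenSSL error. */
int parse_ossl_error(const char *line, struct ossl_err *out) {
    const char *p = strstr(line, "error:");
    char *end;
    if (!p) return -1;
    p += 6;
    out->code = strtoul(p, &end, 16);
    if (end - p != 8 || *end != ':') return -1;
    out->lib    = (int)((out->code >> 24) & 0xff);   /* top 8 bits  */
    out->func   = (int)((out->code >> 12) & 0xfff);  /* next 12 bits */
    out->reason = (int)(out->code & 0xfff);          /* low 12 bits */
    if (sscanf(end + 1, "%63[^:]:%63[^:]:%95[^\r\n]",
               out->lib_s, out->func_s, out->reason_s) != 3) return -1;
    return 0;
}

/* 1 when the numeric library field agrees with the text field of the line. */
int lib_consistent(const struct ossl_err *e) {
    const char *n = lib_name(e->lib);
    return n != NULL && strcmp(n, e->lib_s) == 0;
}

int main(void) {
    /* Line copied from the /debug1.txt output quoted in the message. */
    const char *line = "* error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small";
    struct ossl_err e;
    if (parse_ossl_error(line, &e) != 0) return 1;
    printf("lib=%d (%s) func=%d (%s) reason=%d (%s) consistent=%d\n", e.lib,
           e.lib_s, e.func, e.func_s, e.reason, e.reason_s, lib_consistent(&e));
    return 0;
}
```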