curl-library

Re: curl_easy_perform() fails with "Problem with the SSL CA cert (path? access rights?)" after first time calling this routine

From: cnm marketing <cnn.marketing_at_gmail.com>
Date: Fri, 15 Mar 2013 14:00:51 -0400

>What SSL implementation is your libcurl using? How is the SSL stack built
and how did you build libcurl?
[cnm]
1. I am not sure if I understand your first question, we use libcurl, if
libcurl uses ssl, then we use whatever is on the system, in our case, we
use openssl.
2. We use dlopen()/dlsym()/dlclose() to load libcurl library. This is the
ONLY way that we can fit libcurl into our software layers. There are at
least 3 different layers in our layer that use openssl, we are not the
first one to be loaded.

On Fri, Mar 15, 2013 at 12:59 PM, cnm marketing <cnn.marketing_at_gmail.com> wrote:

> >libcurl is able to use 9 different SSL implementations as its SSL library
> for SSL connections. And yes, OpenSSL is one of them.
> [cnm] Does libcurl statically link ssl or dynamically load those ssl?
>
> >I've never seen the error message
> > * error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small
> [cnm] If you believe this error message is NOT from libcurl itself, then I
> believe this error message is from the openssl routines that the libcurl
> invokes. The question is why openssl throws this error, and in what
> situation (from libcurl code) this error will be thrown from libcurl?
> >What SSL implementation is your libcurl using? How is the SSL stack built
> and how did you build libcurl?
> [cnm]
> 1. I am not sure if I understand your first question, we use libcurl, if
> libcurl uses ssl, then we use whatever is on the system, in our case, we
> use openssl.
> 2. We use dlopen()/dlsym()/dlclose() to load libcurl library. This is the
> ONLY way that we can fit libcurl into our software layers. I need to check
> with other groups and see how many of them use ssl in their layers. I'll get
> back to you on this.
>
>
> On Fri, Mar 15, 2013 at 10:44 AM, cnm marketing <cnn.marketing_at_gmail.com> wrote:
>
>> How can that be? Does libcurl also use openssl?
>>
>> From my code, I only invoke libcurl routines. Again the following
>> output are the libcurl output by using CURLOPT_VERBOSE and CURLOPT_STDERR.
>> When setting CURLOPT_SSL_VERIFYHOST to 1, we got the debug1.txt output,
>> when setting CURLOPT_SSL_VERIFYHOST to 0, we get the debug.txt output
>>
>>
>> [root_at_l2se0132 bin]# more /debug1.txt
>>
>> * About to connect() to l2se0060.lss.emc.com port 8443 (#0)
>>
>> * Trying 10.247.73.60...
>>
>> * Connected to l2se0060.lss.emc.com (10.247.73.60) port 8443 (#0)
>>
>> * successfully set certificate verify locations:
>>
>> * CAfile: /usr/yhuang/cert.pem
>>
>> CApath: none
>>
>> * error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small
>>
>> * Closing connection 0
>>
>>
>>
>> [root_at_l2se0132 bin]# more /debug.txt
>>
>> * About to connect() to l2se0060.lss.emc.com port 8443 (#0)
>>
>> * Trying 10.247.73.60...
>>
>> * Connected to l2se0060.lss.emc.com (10.247.73.60) port 8443 (#0)
>>
>> * error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small
>>
>> * Closing connection 0
>>
>>
>>
>> On Fri, Mar 15, 2013 at 3:45 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:
>>
>>> On Thu, 14 Mar 2013, cnm marketing wrote:
>>>
>>> * error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small
>>>>
>>>
>>> Please stop top-posting and full-quoting.
>>>
>>> My 3.2 seconds of googling on this topic lead to this:
>>>
>>> http://comments.gmane.org/gmane.comp.encryption.openssl.user/43777
>>>
>>> --
>>>
>>> / daniel.haxx.se
>>>
>>
>>
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-03-15
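
The `error:0506706E:...` line in the quoted debug output can be unpacked to see which library raised it. The following is an added example, not code from the thread or from libcurl: it parses such a line from a verbose log and splits the code assuming the OpenSSL 1.x packing (8-bit library, 12-bit function, 12-bit reason; OpenSSL 3.x packs codes differently). The names `parse_ossl_error` and `first_ossl_error` and the sample host are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed sample modelled on the debug.txt lines quoted in the thread. */
static const char SAMPLE_LOG[] =
    "* Connected to server.example (192.0.2.10) port 8443 (#0)\n"
    "* error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small\n";

struct ossl_err {            /* one "error:<8 hex>:<lib>:<func>:<reason>" line */
    unsigned long code;
    int lib, func, reason;   /* unpacked assuming the OpenSSL 1.x code layout */
    char lib_name[64], func_name[64], reason_text[96];
};

/* Returns 1 and fills *out if line holds an OpenSSL error string, else 0. */
int parse_ossl_error(const char *line, struct ossl_err *out)
{
    const char *p = strstr(line, "error:");   /* hex code starts at p + 6 */
    if (!p || strspn(p + 6, "0123456789abcdefABCDEF") != 8 || p[14] != ':')
        return 0;
    out->code = strtoul(p + 6, NULL, 16);
    if (sscanf(p + 15, "%63[^:]:%63[^:]:%95[^\r\n]", out->lib_name,
               out->func_name, out->reason_text) != 3) return 0;
    out->lib = (int)((out->code >> 24) & 0xff);    /* OpenSSL sub-library */
    out->func = (int)((out->code >> 12) & 0xfff);  /* function within it */
    out->reason = (int)(out->code & 0xfff);        /* reason code */
    return 1;
}

/* Scans a multi-line verbose log for the first OpenSSL error line. */
int first_ossl_error(const char *log, struct ossl_err *out)
{
    char line[256];
    while (*log) {
        size_t n = strcspn(log, "\n");
        snprintf(line, sizeof line, "%.*s", (int)n, log);
        if (parse_ossl_error(line, out)) return 1;
        log += n + (log[n] == '\n');
    }
    return 0;
}

int main(void)
{
    struct ossl_err e;
    if (first_ossl_error(SAMPLE_LOG, &e))
        printf("lib=%d func=%d reason=%d\n", e.lib, e.func, e.reason);
    return 0;
}
```

Library number 5 is OpenSSL's Diffie-Hellman library, which agrees with the "Diffie-Hellman routines" text in the same line, so the message is produced inside OpenSSL and only relayed by libcurl's verbose output.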