cURL / Mailing Lists / curl-library / Single Mail


libcurl with Darwin SSL and self-signed certificates

From: Arun Victor <>
Date: Fri, 16 Aug 2013 16:46:40 +0000

Hi all,

I've built libcurl with Darwin SSL (configured with the '--with-darwinssl' option). The sunny-day scenarios of using trusted certificates works just fine. Problem is that it does not seem to recognize self-signed certificates - I get a -9824 error (errSSLPeerHandshakeFail) from the Mac OS X Security / Secure Transport framework. Has anyone tried this successfully? i.e. use libcurl with Darwin SSL and self-signed certs?

This is what I've done to import the cert into the Security Keychain -

1. Opened Keychain Access and imported the cert (in .pem format with ---BEGIN CERTIFICATE---, ---END CERTIFICATE--- tags) to 'System' and 'login' Keychains.

2. I read a post that said it needs to be in the X509Anchors Keychain, which I did not see. So I created a new Keychain called 'X509Anchors' and imported it into that Keychain as well.

3. Opened my self-signed certificate in Keychain Access, expanded the 'Trust' section, and selected 'Always Trust'

4. Read about deleting ~/Library/Preferences/* and did that.


List admin:
Received on 2013-08-16