cURL / Mailing Lists / curl-library / Single Mail

curl-library

issue with root CA in certificates chain from server

From: Bruno BARRUCAND <Bruno.BARRUCAND_at_ingenico.com>
Date: Wed, 4 Feb 2015 14:03:14 +0000

Hello,
I am using libcurl (curl-7.34.0) with openssl (1.0.1h) in https. It works well. Thank you.
But I have an issue in one case. When server sends root CA in certificates chain, libcurl/openssl returns an error "SSL certificate problem: self signed certificate in certificate chain >.
In my code, I have set curl_easy_setopt(curl_, CURLOPT_CAINFO, cert); with cert which root CA (in pem format).
I have also curl_easy_setopt(curl_, CURLOPT_SSL_VERIFYHOST, 2);
And curl_easy_setopt(curl_, CURLOPT_SSL_VERIFYPEER, 1);

What should I do/modify/add in the code to accept connection from this server without allowing self-signed certificate (by setting CURLOPT_SSL_VERIFYPEER to 0)?

Thank you,
Bruno Barrucand

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-02-04

This message: [ Message body ]
Next message: Sébastien Petitdemange: "Re: Is there an easy way to share curl_easy handle with threads?"
Previous message: Daniel Stenberg: "Re: Re: libcurl/ download buffer size is different to upload buffer size."
Next in thread: Ray Satiro via curl-library: "Re: issue with root CA in certificates chain from server"
Reply: Ray Satiro via curl-library: "Re: issue with root CA in certificates chain from server"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]