cURL / Mailing Lists / curl-library / Single Mail


Questions on SSL Certificates

From: Kerry Loux <>
Date: Wed, 10 Jun 2015 09:02:32 -0400

Hello all,

I am using libcurl in an application that I cross-compile to run on a
Raspberry Pi. I've built libcurl with openssl. When I attempt to generate
an https POST, I get "Peer certificate cannot be authenticated with given
CA certificate." In this case, I'm trying to get my application to talk to

After reading, I tried this: $ sudo
apt-get install ca-certificates, which did appear to install correctly.
But still no change in using libcurl from my application.

I also read somewhere that adding the ca-bundle.crt linked to from would solve my problem - no change
after trying that, either.

I don't have a good understanding of certificates or how to work with
them. Here is what I think I know:
- I'm ignoring all of the many search results that describe how to
"self-sign" certificates, because this would apply only if I were getting
this message while trying to connect to a server that no one has ever heard
of before; certificates for Google or other well-known sites I expect to be
included in "standard" certificate bundles.
- I don't want to use curl_easy_setopt(curl, CURLOPT_CAPATH, capath)because
I've never had to use it for my natively-compiled applications (I do often
build libcurl from source, but I've never had to link against an encryption
library that I've built myself, which I did do in this case). Is there a
reason I should reconsider and use this now? I expected that installing
the distribution's ca-certificate bundle would have just worked.

So I have a couple of questions:
- What does the configure option --with-ca-bundle do? Does this just
specify a path to search, or do the certificates actually get included in
library binaries? I'm guessing the former, since the certificates need to
be updated periodically?
- Should I have expected installing the Raspian ca-certificate bundle to
solve this issue? Why wouldn't it work?

Detailed output from libcurl while I try to connect:

* Trying
* Connected to ( port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection:
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0



List admin:
Received on 2015-06-10