cURL / Mailing Lists / curl-library / Single Mail

curl-library

BADCERT_NOT_TRUSTED error with mbedTLS

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 29 Dec 2015 02:52:44 -0500

I recently built curl 7.46.0 with mbedTLS (--with-mbedtls):

curl 7.46.0 (x86_64-pc-mingw32) libcurl/7.46.0 mbedTLS/2.2.0 zlib/1.2.8
Protocols: http https
Features: Largefile SSL libz

Any website I try to access via https I get BADCERT_NOT_TRUSTED. Take
test.com for example:

curl -Ss --cacert curl-ca-bundle.crt https://test.com
curl: (51) Cert verify failed: BADCERT_NOT_TRUSTED

The root CA 'USERTrust RSA Certification Authority' [1] is in the bundle
but verification fails. If I use just the root CA verification fails. If
I use just the server-sent intermediate it will verify fine, as
expected. In limited testing this appears to be true of other websites,
like example.com.

Does anyone have mbedTLS working in curl 7.46.0?

[1]: https://github.com/bagder/ca-bundle/blob/master/ca-bundle.crt#L3603

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2015-12-29