Re: BADCERT_NOT_TRUSTED error with mbedTLS
Date: Tue, 29 Dec 2015 19:06:18 +0100
> Does anyone have mbedTLS working in curl 7.46.0?
When I build mbedTLS on Linux and try what you did, I notice the
- --cacert only accepts a single certificate, not a file
containing multiple certs.
- I patched MBEDTLS to tell me why it flagged the cert as bad
and it told me:
(x1) [~/work/vlconnect/local/linux/bin] ./curl -Ss https://test.com
Child is the top of the chain
curl: (51) Cert verify failed: BADCERT_NOT_TRUSTED
I don't really get what they do here. I see that it fails for many domains; it
should not fail. But maybe Manuel can shed some light on it. I file a bug report.
In order to reproduce, this is what I did:
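git clone https://github.com/ARMmbed/mbedtls.git
cd mbedtls
CFLAGS="-Os" make -j lib
make DESTDIR=`pwd`/../local/linux install
cd ..
git clone https://github.com/bagder/curl.git
cd curl && ./buildconf
# --prefix below is an assumption: the option list is cut off after --with-mbedtls; the prefix is inferred from the curl path run on the last line
./configure CFLAGS='-Os' \
--without-ssl --with-mbedtls=`pwd`/../local/linux \
--prefix=`pwd`/../local/linux
make && make install
../local/linux/bin/curl -Ss https://test.com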
For my domain it works, but I found several other domains which show
the same problem. Find attached a patch for mbedtls to show better where
it is flagged.
- text/plain attachment: mbedtls_verbose_not_trusted.patch