cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: BADCERT_NOT_TRUSTED error with mbedTLS

From: Thomas Glanzmann <thomas_at_glanzmann.de>
Date: Wed, 30 Dec 2015 09:17:58 +0100

Hello Ray,
first of all good news. This morning the branch
origin/iotssl-541-pathlen-bugfix was merged. Making you error go away.
However I found at least on other cert still not working.

> I don't know why you are seeing --cacert only accepting a single
> certificate. I have searched the curl repo and I can't find that. And I
> don't believe that's correct for mbedTLS. When we supply a certificate
> bundle via mbedtls_x509_crt_parse_file it should load all the certs in the
> bundle into the list.

And you're right. This works, too.

(infra) [/tmp/testing/mbedtls] ../local/linux/bin/curl --cacert ca-bundle.crt -Ss https://test.com
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.7.12</center>
</body>
</html>

Cheers,
Thomas
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-12-30

This message: [ Message body ]
Next message: Mckinney, Lee: "libcurl & smartcards"
Previous message: Thomas Glanzmann: "Re: BADCERT_NOT_TRUSTED error with mbedTLS"
In reply to: Ray Satiro via curl-library: "Re: BADCERT_NOT_TRUSTED error with mbedTLS"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]