cURL / Mailing Lists / curl-library / Single Mail


OpenSSL can't verify Google's certificate against recent ca-bundle.crt

From: Andrew <>
Date: Sat, 11 Jun 2016 16:10:18 -0700


I'm using a ca-bundle.crt file I generated last year using using the
( A few
days ago I wanted to generated an updated CA list and so I ran the
script again.

However, I can't verify (curl error 60) Google's certificate using the
newly-generated CA list:

     Connected to ( port 443 (#0)
     successfully set certificate verify locations:
     CAfile: C:\Users\BH1\Desktop\ca-bundle.crt
     CApath: none
     TLSv1.0, TLS handshake, Client hello (1):
     TLSv1.0, TLS handshake, Server hello (2):
     TLSv1.0, TLS handshake, CERT (11):
     TLSv1.0, TLS alert, Server hello (2):
     SSL certificate problem: unable to get local issuer certificate
     Text Closing connection 0

The old list verifies the cert successfully, and using a different SSL
library (schannel) works fine with both the old and new lists. I also
tried using the CA list files listed on the curl website
( but encountered the same problem.

So far Google's certificate is the only one giving me trouble.

I'm mainly using "libcurl/7.40.0 OpenSSL/1.0.0o zlib/1.2.8 libidn/1.18
libssh2/1.4.3 librtmp/2.3", through the RB-libcURL language binding.

I'm hoping someone can explain to me what is the problem, and how can I
fix it?

Thanks in advance,
Andrew Lambert
List admin:
Received on 2016-06-12