curl-library

OpenSSL can't verify Google's certificate against recent ca-bundle.crt

From: Andrew <andrew_at_boredomsoft.org>
Date: Sat, 11 Jun 2016 16:10:18 -0700

Hi,

I'm using a ca-bundle.crt file I generated last year using the VBScript
(https://github.com/curl/curl/blob/master/lib/mk-ca-bundle.vbs). A few
days ago I wanted to generate an updated CA list and so I ran the
script again.

However, I can't verify (curl error 60) Google's certificate using the
newly-generated CA list:

     Trying 50.0.2.221...
     Connected to www.google.com (50.0.2.221) port 443 (#0)
     successfully set certificate verify locations:
     CAfile: C:\Users\BH1\Desktop\ca-bundle.crt
     CApath: none
     TLSv1.0, TLS handshake, Client hello (1):
     TLSv1.0, TLS handshake, Server hello (2):
     TLSv1.0, TLS handshake, CERT (11):
     TLSv1.0, TLS alert, Server hello (2):
     SSL certificate problem: unable to get local issuer certificate
     Text Closing connection 0

The old list verifies the cert successfully, and using a different SSL
library (schannel) works fine with both the old and new lists. I also
tried using the CA list files listed on the curl website
(https://curl.haxx.se/docs/caextract.html) but encountered the same problem.

So far Google's certificate is the only one giving me trouble.

I'm mainly using "libcurl/7.40.0 OpenSSL/1.0.0o zlib/1.2.8 libidn/1.18
libssh2/1.4.3 librtmp/2.3", through the RB-libcURL language binding.

I'm hoping someone can explain to me what the problem is, and how I can
fix it.

Thanks in advance,
Andrew Lambert
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-06-12