curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: SSL certificate problem: Invalid certificate when changing iOS locale

From: Artem Polyakov via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 11 Apr 2017 17:21:26 +0300

I use specific HTTPS portals. But it's not only one website
It happens only on iOS
I use curl 7.53.1 with openssl 1.0.2j

draft sample code:
curl_easy_setopt(handle, CURLOPT_PORT, port);
curl_easy_setopt(handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
curl_easy_setopt(handle, CURLOPT_SSL_CIPHER_LIST, "AES128-SHA:AES256-SHA");
curl_easy_setopt(handle, CURLOPT_CAINFO, "PATH_GOES_HERE");
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, 2L);
curl_easy_setopt(handle, CURLOPT_ERRORBUFFER, curl_errorbuf);
curl_easy_setopt(handle, CURLOPT_URL, url);
curl_easy_setopt(handle, CURLOPT_NOSIGNAL, 1);
curl_easy_setopt(handle, CURLOPT_CONNECTTIMEOUT, ConnectTimeOut);
curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, CurlWriteFunc);
curl_easy_setopt(handle, CURLOPT_WRITEDATA, (void *)(response));
curl_easy_setopt(handle, CURLOPT_POSTFIELDS, request);
curl_easy_setopt(handle, CURLOPT_HTTPHEADER, slist);
curl_easy_setopt(handle, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_easy_setopt(handle, CURLOPT_USERPWD, "PASSWORD_GOES_HERE");
curl_easy_setopt(handle, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_easy_setopt(handle, CURLOPT_TIMEOUT, TimeOut)
rc = curl_easy_perform(handle)

thanks

2017-04-11 16:36 GMT+03:00 Daniel Stenberg <daniel_at_haxx.se>:

> On Tue, 11 Apr 2017, Artem Polyakov via curl-library wrote:
>
> Any ideas why following happens: when curl verifies server certificate
>> agains local storage (base certificates file attached) it fails with error
>> 60 when iOS locale is set to Japanese. With English locale everything is
>> fine, although the same certificate file is used.
>>
>
> Oh wow. What curl version are you trying this with? Is this only happening
> on iOS and not macOS? I presume you've built your curl to use Secure
> Transport for TLS? Does it fail only against a particular site or is it
> happening for more?
>
> - Certificate file upgrade from https://curl.haxx.se/ca/cacert.pem helps
>>
>
> Only adds to the mystery for me... =)
>
> --
>
> / daniel.haxx.se
>

-- 
Artem Polyakov | Lead Software Engineer
GlobalLogic
P +380322448347 M +380913275432  S polyakovartem
www.globallogic.com
<http://www.globallogic.com/>
http://www.globallogic.com/email_disclaimer.txt

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-04-11