curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: HTTPS hangs

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 5 May 2017 23:54:14 +0200 (CEST)

On Fri, 5 May 2017, Greg Stewart via curl-library wrote:

> If the library is looking for "/etc/ssl/certs/ca-certificates.crt" on the
> esp32, it won't find it since the esp32 does not have that kind of file
> structure. Not sure where to go from here.

That's the CA cert bundle. You need one if you want to be able to verify
"random" servers. Another option is to use pinning if you communicate with a
limited set of servers.

If you can't have a CA cert file you need to arrange for it to remain in
memory and use CURLOPT_SSL_CTX_FUNCTION. It is supported for mbedTLS since
7.54.0. Brand new!

Although it should be said that a lack of CA certs shouldn't cause a hang, it
should simply cause a failure to verify the server...

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2017-05-05