curl-library
libcurl usage outputs entire CA cert bundle
Date: Thu, 26 Oct 2017 18:47:38 +0000
Hello,
I've built libcurl with the following configuration:
CURL_CFG := --target=$(MACHINE)-linux --host=$(MACHINE)-linux
CURL_CFG += --disable-ftp --disable-file --disable-ldap --disable-rtsp --disable-proxy
CURL_CFG += --disable-dict --disable-telnet --disable-tftp --disable-pop3 --disable-imap
CURL_CFG += --disable-smb --disable-smtp --disable-gopher --disable-manual --enable-ipv6
CURL_CFG += --disable-cookies --disable-crypto-auth --disable-proxy --disable-verbose
CURL_CFG += --disable-versioned-symbols --enable-hidden-symbols --without-librtmp
CURL_CFG += --without-zlib --without-libidn --disable-libcurl-option --enable-static=no
CURL_CFG += --with-ssl
When making a POST request as follows, every certificate in the cacert.pem bundle is output before the response:
<<< Make request >>>
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx
GTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkds
b2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNV
BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYD
VQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa
DuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6sc
THAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb
Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvyJBNP
c1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrX
gzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUF
AAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6Dj
Y1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyG
j/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhH
hm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC
X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
<<< All other certs follow >>>
> POST /ftd/inform HTTP/1.1
Host: <retracted>
Authorization: Basic <retracted>
Accept: */*
Content-Type: application/json
Content-Length: 267
< HTTP/1.1 200 OK
< Server: openresty
< Date: Thu, 26 Oct 2017 18:39:48 GMT
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: no-cache, no-store
< x-trace-id: 70110f353234-275b-0000000000013e4b
<
334 bytes retrieved
Here is the source:
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Content-Type: application/json");
curl_global_init(CURL_GLOBAL_ALL);
curl_handle = curl_easy_init();
if (curl_handle) {
/* Send POST inform to TDCS with contents of first response */
curl_easy_setopt(curl_handle, CURLOPT_ERRORBUFFER, errbuf);
errbuf[0] = 0;
curl_easy_setopt(curl_handle, CURLOPT_VERBOSE, 1);
curl_easy_setopt(curl_handle, CURLOPT_URL, <url>);
curl_easy_setopt(curl_handle, CURLOPT_HTTPHEADER, headers);
//curl_easy_setopt(curl_handle, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V6);
curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, <post data>);
curl_easy_setopt(curl_handle, CURLOPT_CAINFO, "/etc/ssl/certs/cacert.pem");
curl_easy_setopt(curl_handle, CURLOPT_HTTPAUTH, (long)CURLAUTH_BASIC);
curl_easy_setopt(curl_handle, CURLOPT_USERPWD, <credentials>);
curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, write_memory_callback);
curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)&chunk);
res = curl_easy_perform(curl_handle);
curl_slist_free_all(headers);
if(res != CURLE_OK) {
size_t len = strlen(errbuf);
printf("curl_easy_perform() POST failed!!!\n");
if(len) {
printf("%s%s", errbuf, ((errbuf[len-1] != '\n') ? "\n" : ""));
}
else {
printf("%s\n", curl_easy_strerror(res));
}
ret = -1;
}
else {
printf("%lu bytes retrieved\n", (long)chunk.size);
}
curl_easy_cleanup(curl_handle);
}
else {
fprintf(stderr, "ERROR: Failed to create curl handle");
ret = -1;
}
Could this be caused by the server instead of libcurl?
Thanks for your time,
Andy Gale
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-10-26