On 12/18/2017 4:28 PM, Thomas van Hesteren via curl-library wrote:
> I have a problem which I have described on stack overflow
> <https://stackoverflow.com/questions/47876555/c-ssl-cert-in-memory-curl-and-openssl-fails-to-add>.
>
>
> The problem is with adding a in-memory SSL-certificate on an Ubuntu
> machine with the ssslctx_function. However, X509_STORE_add_cert always
> returns 0 and therefore my application fails to connect.
>
> What am I doing wrong? On multiple Windows machines this code works great?
>
> (Please see the thread on stack overflow
> <https://stackoverflow.com/questions/47876555/c-ssl-cert-in-memory-curl-and-openssl-fails-to-add> for
> more details)

That is arguably a bug in the example. It's quite possible libcurl may
have already loaded the CA certificate that you are trying to load via
X509_STORE_add_cert, and so it returns an error. For example your
libcurl in Ubuntu may have a CA certificate bundle that was set at
build-time and so at runtime it will set that default path [1] and then
load them before the CTX callback is called. Set CURLOPT_CAINFO to NULL
to override the default. Also, I've fixed the example to stop treating
cert-already-exists as an error [2]. It would be helpful if you could
test the changes.

[1]: https://github.com/curl/curl/blob/curl-7_57_0/lib/url.c#L492-L500
[2]: https://github.com/curl/curl/pull/2182

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-12-19