curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: C++ SSL-cert in memory Curl and OpenSSL fails to add?

From: Thomas van Hesteren via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 19 Dec 2017 09:09:32 +0100

Thanks for fixing his bug! Tested it and I have added the CURLOPT_CAINFO with value NULL which fixed the issue. Ubuntu works fine now as well. Should I preferably use this on Windows as well?

> Op 19 dec. 2017, om 08:40 heeft Ray Satiro via curl-library <curl-library_at_cool.haxx.se> het volgende geschreven:
>
> On 12/18/2017 4:28 PM, Thomas van Hesteren via curl-library wrote:
>> I have a problem which I have described on�stack overflow <https://stackoverflow.com/questions/47876555/c-ssl-cert-in-memory-curl-and-openssl-fails-to-add>.
>>
>> The problem is with adding a in-memory SSL-certificate on an Ubuntu machine with the ssslctx_function. However, X509_STORE_add_cert always returns 0 and therefore my application fails to connect.
>>
>> What am I doing wrong? On multiple Windows machines this code works great?
>>
>> (Please see the thread on�stack overflow <https://stackoverflow.com/questions/47876555/c-ssl-cert-in-memory-curl-and-openssl-fails-to-add>�for more details)
>
> That is arguably a bug in the example. It's quite possible libcurl may have already loaded the CA certificate that you are trying to load via X509_STORE_add_cert, and so it returns an error. For example your libcurl in Ubuntu may have a CA certificate bundle that was set at build-time and so at runtime it will set that default path [1] and then load them before the CTX callback is called. Set CURLOPT_CAINFO to NULL to override the default. Also, I've fixed the example to stop treating cert-already-exists as an error [2]. It would be helpful if you could test the changes.
>
> [1]: https://github.com/curl/curl/blob/curl-7_57_0/lib/url.c#L492-L500 <https://github.com/curl/curl/blob/curl-7_57_0/lib/url.c#L492-L500>
> [2]: https://github.com/curl/curl/pull/2182 <https://github.com/curl/curl/pull/2182>
>
> -------------------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
> Etiquette: https://curl.haxx.se/mail/etiquette.html

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-12-19