curl / Mailing Lists / curl-library / Single Mail


Re: C++ SSL-cert in memory Curl and OpenSSL fails to add?

From: Thomas van Hesteren via curl-library <>
Date: Tue, 19 Dec 2017 09:09:32 +0100

Thanks for fixing his bug! Tested it and I have added the CURLOPT_CAINFO with value NULL which fixed the issue. Ubuntu works fine now as well. Should I preferably use this on Windows as well?

> Op 19 dec. 2017, om 08:40 heeft Ray Satiro via curl-library <> het volgende geschreven:
> On 12/18/2017 4:28 PM, Thomas van Hesteren via curl-library wrote:
>> I have a problem which I have described on�stack overflow <>.
>> The problem is with adding a in-memory SSL-certificate on an Ubuntu machine with the ssslctx_function. However, X509_STORE_add_cert always returns 0 and therefore my application fails to connect.
>> What am I doing wrong? On multiple Windows machines this code works great?
>> (Please see the thread on�stack overflow <>�for more details)
> That is arguably a bug in the example. It's quite possible libcurl may have already loaded the CA certificate that you are trying to load via X509_STORE_add_cert, and so it returns an error. For example your libcurl in Ubuntu may have a CA certificate bundle that was set at build-time and so at runtime it will set that default path [1] and then load them before the CTX callback is called. Set CURLOPT_CAINFO to NULL to override the default. Also, I've fixed the example to stop treating cert-already-exists as an error [2]. It would be helpful if you could test the changes.
> [1]: <>
> [2]: <>
> -------------------------------------------------------------------
> Unsubscribe:
> Etiquette:

Received on 2017-12-19