curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: C++ SSL-cert in memory Curl and OpenSSL fails to add?

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 26 Dec 2017 03:01:20 -0500

On 12/20/2017 3:17 AM, Ray Satiro wrote:
> On 12/19/2017 3:09 AM, Thomas van Hesteren via curl-library wrote:
>> Thanks for fixing his bug! Tested it and I have added the
>> CURLOPT_CAINFO with value NULL which fixed the issue. Ubuntu works
>> fine now as well. Should I preferably use this on Windows as well?
> Please don't top-post it makes the conversation hard to follow [1].
>
> It's possible for libcurl in Windows to have a default CA certificate
> bundle location defined at build-time but less likely. You should use
> the ctx callback in the example I updated since it now does proper error
> checking. And I've just added CURLOPT_CAINFO NULL to the latest draft
> [2]. I'm not sure if it's necessary to set the CAPATH to NULL as well,
> I'll have to check on that.
>
>
> [1]: https://curl.haxx.se/mail/etiquette.html#Do_Not_Top_Post
> [2]: https://github.com/curl/curl/pull/2182

In the example from 7.57.0 it's only necessary to set CAINFO to NULL to
resolve the issue. The updated example which is now official [1] I set
both CAINFO and CAPATH to null but now neither is necessary. The former
will load the certificates which would take time and the latter there
seems to be no time effect (but it's not guaranteed since it depends on
inner workings of OpenSSL). Therefore both are now null in the example
and tagged optional. I would encourage you to use the updated example.

[1]: https://github.com/curl/curl/blob/master/docs/examples/cacertinmem.c

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-12-26