curl / Mailing Lists / curl-library / Single Mail


Certificates problem

From: dp <>
Date: Mon, 21 May 2018 09:46:34 -0400

I am having trouble getting libcurl to work with a secure website. I am using cUrl version 7.59.0, OpenSSL 1.0.2, compiling with Visual Studio 10, and running this on XP/SP3. I built both static and DLL libraries, and that completed without any errors. I can link either library without warnings or errors. The calls to curl_easy_setopt() include:

-- CURLOPT_ISSUERCERT, <full path to cacert.pem>
-- CURLOPT_DEBUGFUNCTION,<function name>

If I build with the static library (libcurl_a.lib), curl_easy_perform() returns 60: Peer certificate cannot be authenticated with given CA certificates. The verbose output appears to show certificate exchange (I am not knowledgeable about CAs), and ends with "SSL certificate problem: unable to get local issuer certificate"

With the DLL library (libcurl.lib), curl_easy_perform() returns 1: Unsupported protocol. The verbose output says "Protocol https not supported or disabled in libcurl"

In both versions, the output from curl.exe -V is:

curl 7.59.0 (i386-pc-win32) libcurl/7.59.0 OpenSSL/1.0.2n WinIDN
Release-Date: 2018-03-14
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL HTTPS-proxy

Did I fail to build the OpenSSL libraries properly, so that certificates are being mishandled? Is there another option I need to set before calling curl_easy_perform()? Is the difference in responses (libcurl.lib versus libcurl_a.lib) expected? I am trying to avoid the workaround that involves ignoring verification of certificates.


Received on 2018-05-21