curl / Mailing Lists / curl-library / Single Mail


libcurl with openSSL on windows x64 - no certificates?

From: Ivan Pilipenko <>
Date: Tue, 17 Jul 2018 14:04:24 +0200 (CEST)

Good time of the day,

I have compiled libcurl using the instructions in winbuild\BUILD.WINDOWS.txt with the following options:

nmake /f VC=15 MODE=dll WITH_SSL=dll ENABLE_WINSSL=no WITH_DEVEL=../deps

including the openssl files in the deps directory as described. The build runs fine, except that I can't seem to be able to open a TLS encrypted connection to my FTP server. The error message is the usual:

"Peer certificate cannot be authenticated with given CA certificates, details: SSL certificate problem: unable to get local issuer certificate".

On linux I was able to fix it by using the --with-ca-bundle option and pointing it the the correct file. On windows however, there doesn't seem to be such an option. Using winSSL on windows works, but winSSL requires an internet connection to get the revocation list. Our product has to be able to also work on a closed network without internet access, so that's a no-go. Disabling CLR checking via CURLSSLOPT_NO_REVOKE has also been declined, unless it's the last resort.

I have tried putting an exported ca-certificates.crt from our linux test machine to my working directory on the windows machine, hoping libcurl would see it, but no dice.

Where is libcurl with openSSL backend looking for certificates on windows?

Freundliche Grüße / Best regards
Ivan Pilipenko
Ivan Pilipenko
Entwicklung / Development
Talstrasse 16
D-71570 Oppenweiler
Tel: +49 7191 94 32 430
Fax: +49 7191 94 32 288
Upcoming Events:
06.-08. November: VISION, Stuttgart, Germany 

MATRIX VISION GmbH, Talstrasse 16, DE-71570 Oppenweiler
Registergericht: Amtsgericht Stuttgart, HRB 271090
Geschaeftsfuehrer: Uwe Furtner

Received on 2018-07-17