curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: libcurl with openSSL on windows x64 - no certificates?

From: Sergei Nikulov <sergey.nikulov_at_gmail.com>
Date: Tue, 17 Jul 2018 15:32:56 +0300

вт, 17 июл. 2018 г. в 15:06, Ivan Pilipenko <ivan.pilipenko_at_matrix-vision.de
>:

> Good time of the day,
>
> I have compiled libcurl using the instructions in
> winbuild\BUILD.WINDOWS.txt with the following options:
>
> nmake /f Makefile.vc VC=15 MODE=dll WITH_SSL=dll ENABLE_WINSSL=no
> WITH_DEVEL=../deps
>
> including the openssl files in the deps directory as described. The build
> runs fine, except that I can't seem to be able to open a TLS encrypted
> connection to my FTP server. The error message is the usual:
>
> "Peer certificate cannot be authenticated with given CA certificates,
> details: SSL certificate problem: unable to get local issuer certificate".
>
> On linux I was able to fix it by using the --with-ca-bundle option and
> pointing it the the correct file. On windows however, there doesn't seem to
> be such an option. Using winSSL on windows works, but winSSL requires an
> internet connection to get the revocation list. Our product has to be able
> to also work on a closed network without internet access, so that's a
> no-go. Disabling CLR checking via CURLSSLOPT_NO_REVOKE has also been
> declined, unless it's the last resort.
>
> I have tried putting an exported ca-certificates.crt from our linux test
> machine to my working directory on the windows machine, hoping libcurl
> would see it, but no dice.
>
> Where is libcurl with openSSL backend looking for certificates on windows?
>
AFAIR, CURLOPT_CAINFO can help.
Check this thread https://curl.haxx.se/mail/lib-2016-08/0118.html for more
info.

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2018-07-17