curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: libcurl with openSSL on windows x64 - no certificates?

From: Ivan Pilipenko <ivan.pilipenko_at_matrix-vision.de>
Date: Tue, 17 Jul 2018 15:08:49 +0200 (CEST)

> Sergei Nikulov <sergey.nikulov_at_gmail.com> hat am 17. Juli 2018 um 14:32 geschrieben:
> вт, 17 июл. 2018 г. в 15:06, Ivan Pilipenko < ivan.pilipenko_at_matrix-vision.de mailto:ivan.pilipenko_at_matrix-vision.de >:
>
> > >
> > Good time of the day,
> >
> > I have compiled libcurl using the instructions in winbuild\BUILD.WINDOWS.txt with the following options:
> >
> > nmake /f Makefile.vc VC=15 MODE=dll WITH_SSL=dll ENABLE_WINSSL=no WITH_DEVEL=../deps
> >
> > including the openssl files in the deps directory as described. The build runs fine, except that I can't seem to be able to open a TLS encrypted connection to my FTP server. The error message is the usual:
> >
> > "Peer certificate cannot be authenticated with given CA certificates, details: SSL certificate problem: unable to get local issuer certificate".
> >
> > On linux I was able to fix it by using the --with-ca-bundle option and pointing it the the correct file. On windows however, there doesn't seem to be such an option. Using winSSL on windows works, but winSSL requires an internet connection to get the revocation list. Our product has to be able to also work on a closed network without internet access, so that's a no-go. Disabling CLR checking via CURLSSLOPT_NO_REVOKE has also been declined, unless it's the last resort.
> >
> > I have tried putting an exported ca-certificates.crt from our linux test machine to my working directory on the windows machine, hoping libcurl would see it, but no dice.
> >
> > Where is libcurl with openSSL backend looking for certificates on windows?
> >
> > > AFAIR, CURLOPT_CAINFO can help.
> Check this thread https://curl.haxx.se/mail/lib-2016-08/0118.html for more info.
>

Yes, that works. Thank you very much.

Is there any particular reason why setting CURLOPT_CAPATH to the same directory the cacert.pem/ca-certificates.crt lies in didn't work for me?

--
Freundliche Grüße / Best regards
Ivan Pilipenko
---------------------------------------------------------
MATRIX VISION GmbH
Ivan Pilipenko
Entwicklung / Development
Talstrasse 16
D-71570 Oppenweiler
Tel: +49 7191 94 32 430
Fax: +49 7191 94 32 288
e-mail: ivan.pilipenko_at_matrix-vision.de
internet: www.matrix-vision.de
-----------------------------------------------------------------
Upcoming Events:
06.-08. November: VISION, Stuttgart, Germany 
-----------------------------------------------------------------

MATRIX VISION GmbH, Talstrasse 16, DE-71570 Oppenweiler
Registergericht: Amtsgericht Stuttgart, HRB 271090
Geschaeftsfuehrer: Uwe Furtner


-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2018-07-17