
Re: Error 58 with CURLOPT_SSLCERT

From: Praveen Pvs via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 25 Jun 2019 12:23:53 +0530

On Mon, Jun 24, 2019 at 3:20 PM Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Fri, 21 Jun 2019, Praveen Pvs wrote:
>
> >> using which TLS backend?
> >>
> > It would be auto negotiated. TLS1_2 support is there
>
> I meant backend as in TLS library. Based on your error texts I assume
> OpenSSL.
>
> But based on your error message:
>
> > Curl Error Buffer: unable to set private key file:
> > '/mnt/flash/system/rkeys/usr1/key0.der' type DER
>
> We can tell that this is the code that runs:
>
>
> https://github.com/curl/curl/blob/1e9769639b57ffd4f587d39efafaae6ff1d75c4a/lib/vtls/openssl.c#L852-L858
>
> ... so clearly OpenSSL doesn't approve of that key file.
>

Since I am not able to make progress on this one, I wanted to change the
design slightly. I wanted to open a socket using the COM library and pass
that FD to CURL for communication, so that the COM library that we have takes
care of loading the keys/cert and does the handshakes.
I am able to get the FD from the calls that I am using.

I am passing that FD to CURL using the following options and callbacks.
/* call this function to get a socket */
curl_easy_setopt(curlHandle, CURLOPT_OPENSOCKETFUNCTION, opensocket);
curl_easy_setopt(curlHandle, CURLOPT_OPENSOCKETDATA, &SocketID);
/* call this function to set options for the socket */
curl_easy_setopt(curlHandle, CURLOPT_SOCKOPTFUNCTION, sockopt_callback);

static curl_socket_t opensocket(void *clientp, curlsocktype purpose,
                                struct curl_sockaddr *address)
{
  DBGF_TRACE("opensocket function");
  curl_socket_t sockfd;
  (void)purpose;
  (void)address;
  sockfd = *(curl_socket_t *)clientp;
  /* the actual externally set socket is passed in via the
     OPENSOCKETDATA option */
  DBGF_TRACE("opensocket function sockfd = %d", sockfd);
  return sockfd;
}

Now I am seeing that CURL is also trying to do the handshake and it is failing.

curl_easy_setopt(curlHandle, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(curlHandle, CURLOPT_SSL_VERIFYHOST, 0L);

curl_easy_setopt(curlHandle, CURLOPT_CAINFO, NULL);

/* Not sure if this would be useful */
curl_easy_setopt(curlHandle, CURLOPT_USE_SSL, CURLUSESSL_NONE);

I am setting the above options and still CURL is doing the handshake and it's
failing.

Curl Error Buffer: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

I want to pass the FD that I got from other calls that we have and want to
pass it to CURL for send/receive. How to achieve this? Could you please help?

> --
>
> / daniel.haxx.se | Get the best commercial curl support there is - from
> me
> | Private help, bug fixes, support, ports, new features
> | https://www.wolfssl.com/contact/
>

Received on 2019-06-25
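
Added example, not part of the original mail and not curl or OpenSSL code: the "unknown protocol" error quoted above is what an OpenSSL client reports when the first bytes it reads after sending its ClientHello are neither a ServerHello nor a plaintext alert. The sketch below is a simplified, hypothetical version of that check (the function name and sample bytes are constructed) and shows that an encrypted record, as a peer would send on a socket where another library has already completed a TLS handshake, is classified the same way as a non-TLS reply.

```c
#include <stddef.h>
#include <stdio.h>

/* Verdicts for the first bytes a TLS client reads after its ClientHello. */
enum first_reply { REPLY_SERVER_HELLO, REPLY_PLAIN_ALERT, REPLY_UNKNOWN_PROTOCOL };

/* Simplified, hypothetical check (not OpenSSL's code). A TLS record starts
 * with type(1) version(2) length(2); the first body byte of a handshake
 * record is the handshake message type. */
enum first_reply classify_first_reply(const unsigned char *p, size_t len)
{
    size_t rec_len;

    if (len < 6 || p[1] != 0x03 || p[2] > 0x03)
        return REPLY_UNKNOWN_PROTOCOL;      /* not an SSL3/TLS record header */
    rec_len = ((size_t)p[3] << 8) | p[4];
    if (p[0] == 0x16 && p[5] == 0x02)       /* handshake record, ServerHello */
        return REPLY_SERVER_HELLO;
    if (p[0] == 0x15 && rec_len == 2)       /* plaintext alert: level + description */
        return REPLY_PLAIN_ALERT;
    /* Encrypted records from an already negotiated session (alert or
     * application data with a longer opaque body) end up here. */
    return REPLY_UNKNOWN_PROTOCOL;
}

/* Constructed sample replies, not captured traffic. */
static const unsigned char server_hello[] = {0x16, 0x03, 0x03, 0x00, 0x4a, 0x02, 0x00};
static const unsigned char plain_alert[]  = {0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28};
static const unsigned char enc_alert[]    = {0x15, 0x03, 0x03, 0x00, 0x1a, 0x9f, 0x3c};
static const unsigned char http_plain[]   = {'H', 'T', 'T', 'P', '/', '1', '.'};

int main(void)
{
    static const char *names[] = {"ServerHello", "plaintext alert", "unknown protocol"};

    printf("server_hello: %s\n", names[classify_first_reply(server_hello, sizeof server_hello)]);
    printf("plain_alert:  %s\n", names[classify_first_reply(plain_alert, sizeof plain_alert)]);
    printf("enc_alert:    %s\n", names[classify_first_reply(enc_alert, sizeof enc_alert)]);
    printf("http_plain:   %s\n", names[classify_first_reply(http_plain, sizeof http_plain)]);
    return 0;
}
```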