Re: Curl problem with SSL

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Sun, 21 Jul 2019 12:42:55 +0200 (CEST)

On Sun, 21 Jul 2019, Subrata Dasgupta via curl-library wrote:

Hi, please consider using emails in text format when sending them to this (and
other?) mailing lists going forward. I read mails in text format only and the
list archive on the curl web site also doesn't convert HTML-only emails
properly. Your mail thus looks like this to me and the archive:

   https://curl.haxx.se/mail/lib-2019-07/0059.html

... as you can see, it is hard to understand for no good reason!

> Can you please help me to understand why below mentioned problem is coming?

I can try.

> Earlier a 32 bit c++ application was using curl-7.20.1 and there was no
> problem while connecting with the SSL enabled device over HTTPS.

Are you using the same TLS library and version with your upgraded libcurl as
you used with that ancient libcurl version? (I hope you're not, since then
you're probably vulnerable to numerous security problems.)

Which TLS library and version are you using?

> But when library is upgraded to libcurl-7.61.1 c++ application is getting
> few strange errors while working with new curl library though there is no
> change in the application source code or certificate.

It is possible that your upgrade has increased the default levels.

> In the logs I am getting following error strings.
> TLSv1.2 (IN), TLS handshake, Finished (20):
> SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
> ALPN, server did not agree to a protocol
> SSL certificate verify result: unable to get local issuer certificate (20),
> continuing anyway.

So your transfer succeeds, you're just curious about this log output?

> skipping SSL peer certificate verification

I strongly recommend you do NOT do this. It makes your HTTPS use totally
insecure.

> Same certificate file was also used earlier but there was no error.

You mean CA cert file? But that's pointless when you switch off the checks
anyway.

What is the actual error from the transfer?

-- 
  / daniel.haxx.se | Get the best commercial curl support there is - from me
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
Received on 2019-07-21
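
The "continuing anyway" line quoted in the mail is what libcurl logs when certificate verification failed but peer verification was switched off, so the transfer went ahead unauthenticated. As an added example (not part of the original mail or of curl's own code), this C program scans verbose log lines for that message so such transfers can be flagged; the names `scan_line` and `verify_finding` and the sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One ignored certificate verification failure from libcurl verbose output. */
struct verify_finding {
    long code;          /* verify result code in parentheses, e.g. 20 */
    char reason[128];   /* error text printed before the code */
};

/* Returns 1 and fills *out when the line reports a failed verification that
   the transfer continued past (peer verification disabled), else 0. */
int scan_line(const char *line, struct verify_finding *out)
{
    static const char marker[] = "SSL certificate verify result: ";
    const char *p = strstr(line, marker);
    if (!p) return 0;
    p += sizeof(marker) - 1;
    const char *paren = strrchr(p, '(');
    if (!paren) return 0;
    char *end;
    long code = strtol(paren + 1, &end, 10);
    if (end == paren + 1 || *end != ')') return 0;
    if (!strstr(end, "continuing anyway")) return 0;
    size_t len = (size_t)(paren - p);
    while (len > 0 && p[len - 1] == ' ') len--;   /* trim space before '(' */
    if (len >= sizeof(out->reason)) len = sizeof(out->reason) - 1;
    memcpy(out->reason, p, len);
    out->reason[len] = '\0';
    out->code = code;
    return 1;
}

/* Constructed sample, modelled on the log lines quoted in the mail. */
static const char *sample_log[] = {
    "* TLSv1.2 (IN), TLS handshake, Finished (20):",
    "* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384",
    "*  SSL certificate verify result: unable to get local issuer "
    "certificate (20), continuing anyway.",
};

int main(void)
{
    struct verify_finding f;
    for (size_t i = 0; i < sizeof(sample_log) / sizeof(sample_log[0]); i++)
        if (scan_line(sample_log[i], &f))
            printf("line %zu: bypassed: %s (%ld)\n", i + 1, f.reason, f.code);
    return 0;
}
```

The handshake line also ends in "(20)" but is not matched, because the scan keys on the verify-result marker rather than on the parenthesised number.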