
Re: CURLE_SSL_CACERT_BADFILE error for HTTPS URL

From: shiftag via curl-library <curl-library_at_cool.haxx.se>
Date: Sat, 11 Jan 2020 23:32:36 +0400

On 1/10/20 10:22 PM, shiftag via curl-library wrote:

> Hello,
>
> I'm using static libcurl and openssl for my project. When I tried to
> access an HTTPS URL I got the following error: CURLE_SSL_CACERT_BADFILE
>
> I think this issue came from static openssl as it works fine when I
> was using the one on my system.
>
> I built the static libraries that way:
>
> - openssl:
>
>         ./config \
>             no-shared \
>             no-stdio \
>             no-dso \
>             no-engine \
>             no-srp \
>             no-psk \
>             no-ec2m \
>             no-comp \
>             --prefix=$(PATHDEP) \
>             --openssldir=$(PATHDEP)
>         make
>         make install
>
> - curl:
>         ./buildconf
>         PKG_CONFIG_PATH=$(PATHDEP)/lib/pkgconfig ./configure \
>             --with-ssl \
>             --disable-shared \
>             --enable-static \
>             --disable-ntlm-wb \
>             --without-ntlm \
>             --disable-ldap \
>             --disable-telnet \
>             --disable-ipv6 \
>             --disable-ldaps \
>             --disable-rtsp \
>             --disable-tftp \
>             --disable-pop3 \
>             --disable-imap \
>             --disable-smb \
>             --disable-smtp \
>             --disable-gopher \
>             --without-brotli \
>             --without-librtmp \
>             --prefix=$(PATHDEP)
>         make
>         make install
>
> When statically building openssl the certs folder is empty, so I used
> the mk-ca-bundle.pl file to install the bundle. But the problem persists.
>
> Please, let me know if you need more details.
>
Hi again,

So it appears the issue is not related to the compilation. The normal
behavior of libcurl is checking /etc/ssl/certs, so I rebuilt the content
of that directory with .crt files and the symbolic link to .pem with
the symbolic link to the hash (the one generated by the c_rehash command).
But the issue still persists.

$ static-path/bin/curl -L -v https://www.google.com  (curl compiled statically)
*   Trying 216.58.208.228:443...
* TCP_NODELAY set
* Connected to www.google.com (216.58.208.228) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* error setting certificate verify locations:
  CAfile: /xxx/static-path-set-with-configure/certs/ca-bundle.crt
  CApath: /xxx/static-path-set-with-configure/certs
* Closing connection 0
curl: (77) error setting certificate verify locations:
  CAfile: /xxx/static-path-set-with-configure/certs/ca-bundle.crt
  CApath: /xxx/static-path-set-with-configure/certs

so /xxx/static-path-set-with-configure/certs contains this :

lrwxrwxrwx shiftag users 45 B Sat Jan 11 22:55:09 2020 02265526.0 ⇒ Entrust_Root_Certification_Authority_-_G2.pem
lrwxrwxrwx shiftag users 36 B Sat Jan 11 22:55:09 2020 03179a64.0 ⇒ Staat_der_Nederlanden_EV_Root_CA.pem

[...]

lrwxrwxrwx shiftag users 45 B Sat Jan 11 22:52:56 2020 Entrust_Root_Certification_Authority_-_G2.pem ⇒ Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx shiftag users 36 B Sat Jan 11 22:52:56 2020 Staat_der_Nederlanden_EV_Root_CA.pem ⇒ Staat_der_Nederlanden_EV_Root_CA.crt

[...]

Any idea ??

Received on 2020-01-11
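
For the error 77 output in the mail above, a first check is whether the CAfile and CApath that curl prints are usable on disk. The script below is an added example, not part of the original mail or of curl; it inspects only the filesystem, and the function names, the sample file names and the hash value 0a1b2c3d are constructed.

```shell
#!/bin/sh
# Sanity-check the CAfile/CApath pair that curl prints with error 77.

# check_ca_locations CAFILE CAPATH
# Prints one line per problem; the return status is the number of problems.
check_ca_locations() {
    cafile=$1; capath=$2; problems=0; hashed=0
    if [ ! -e "$cafile" ]; then
        echo "CAfile missing: $cafile"; problems=$((problems + 1))
    elif [ ! -r "$cafile" ]; then
        echo "CAfile not readable: $cafile"; problems=$((problems + 1))
    elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$cafile"; then
        echo "CAfile has no PEM certificate: $cafile"; problems=$((problems + 1))
    fi
    if [ ! -d "$capath" ]; then
        echo "CApath is not a directory: $capath"
        return $((problems + 1))
    fi
    for entry in "$capath"/*; do
        # A symlink whose chain (hash.0 -> .pem -> .crt) ends nowhere.
        if [ -L "$entry" ] && [ ! -e "$entry" ]; then
            echo "dangling symlink: $entry"; problems=$((problems + 1))
        fi
        # Count c_rehash-style names (8 hex digits, dot, index) that resolve.
        case ${entry##*/} in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                if [ -e "$entry" ]; then hashed=$((hashed + 1)); fi ;;
        esac
    done
    if [ "$hashed" -eq 0 ]; then
        echo "CApath has no usable <hash>.N entry: $capath"; problems=$((problems + 1))
    fi
    return "$problems"
}

# make_sample_tree DIR: constructed layout mirroring the listing in the mail
# (hash link -> .pem link -> .crt file). The certificate body is a placeholder.
make_sample_tree() {
    mkdir -p "$1" &&
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$1/Example_Root_CA.crt" &&
    ln -s Example_Root_CA.crt "$1/Example_Root_CA.pem" &&
    ln -s Example_Root_CA.pem "$1/0a1b2c3d.0"
}

# Usage: sh check_ca.sh /path/to/ca-bundle.crt /path/to/certs
if [ "$#" -eq 2 ]; then check_ca_locations "$1" "$2"; fi
```

A clean result only rules out the files and symlinks themselves; it does not show whether the TLS library in the static binary can load them.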