Re: CURLE_SSL_CACERT_BADFILE error for HTTPS URL
Date: Mon, 13 Jan 2020 01:58:03 +0400
On 1/13/20 1:18 AM, Jeffrey Walton wrote:
> On Sun, Jan 12, 2020 at 10:54 AM shiftag via curl-library
> <curl-library_at_cool.haxx.se> wrote:
>> ...
>>
>> That's what I did, I built libcurl with --with-ca-bundle and
>> --with-ca-path but I unfortunately did a wrong copy/paste for curl one.
>> I add the options that way:
>>
>> --with-ca-bundle=$(PATHDEP)/certs/ca-bundle.crt
>> --with-ca-path=$(PATHDEP)/certs
>>
>> using the static curl binary in verbose mode I could see both path are
>> correct. But I think the issue is related to the certs stuff. As I'm
>> using a non-standard path I had to generate/download the ca-bundle, the
>> crt files, pem files and the hash. So, curl static binay is checking the
>> right path but still I end-up with error 77.
> You might want to show how you configured your build of curl, and how
> you are compiling and linking your program.
>
> In the absence of the compile and link commands, and assuming you
> installed your curl at /usr/local, and assuming you are on Linux, then
> your link command should use something like:
>
> -l:/usr/local/lib/libcurl.a
>
> or
>
> -L /usr/local/lib -l:libcurl.a
>
> -l:<filename> is used to avoid link problems by not allowing the
> linker to make the wrong guess. Also see the ld(1) man page at
> http://man7.org/linux/man-pages/man1/ld.1.html, and the discussion of
> --library=namespec and :filename.
I'm going to describe exactly what I'm doing. The only difference with
my projects are the path. FYI, nothing the following command won't
interfere with your libraries in your system.
$ mkdir -p /tmp/dependencies/source /tmp/dependencies/install
$ cd /tmp/dependencies/source
$ git clone https://github.com/curl/curl.git && git clone
https://github.com/openssl/openssl.git
$ cd openssl
$ ./config no-shared no-stdio no-dso no-engine no-srp no-psk no-ec2m
no-comp --prefix=/tmp/dependencies/install
--openssldir=/tmp/dependencies/install && make && make install
(don't need to bother recreating all things manually here)
$ cp -a /etc/ssl/certs/* /tmp/dependencies/install/certs
$ cp /usr/share/curl/ca-bundle.crt /tmp/dependencies/install/
$ cd ../curl
$ ./buildconf && PKG_CONFIG_PATH=/tmp/dependencies/install/lib/pkgconfig
./configure --with-ssl --disable-shared --enable-static
--disable-ntml-wb --without-ntlm --disable-ldap --disable-telnet
--disable-ipv6 --disable-ldaps --disable-rtsp --disable-tftp
--disable-pop3 --disable-imap --disable-smb --disable-smtp
--disable-gopher --disable-brotli --without-librtmp
--with-ca-bundle=/tmp/dependencies/install/ca-bundle.crt
--with-ca-path=/tmp/dependencies/install/certs
--prefix=/tmp/dependencies/install && make && make install
I'm using libcurl in my project but for the sake of testing we can use
curl binary.
$ cd /tmp/dependencies
$ install/bin/curl -L -v https://www.google.com
* Trying 216.58.208.228:443...
* TCP_NODELAY set
* Connected to www.google.com (216.58.208.228) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* error setting certificate verify locations:
CAfile: /tmp/dependencies/install/ca-bundle.crt
CApath: /tmp/dependencies/install/certs
* Closing connection 0
curl: (77) error setting certificate verify locations:
CAfile: /tmp/dependencies/install/ca-bundle.crt
CApath: /tmp/dependencies/install/certs
This is exactly the problem I encounter with my project.
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-01-12