curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: CURLE_SSL_CACERT_BADFILE error for HTTPS URL

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Sun, 12 Jan 2020 22:28:47 -0500

On 1/12/2020 10:49 AM, shiftag via curl-library wrote:
> On 1/12/20 1:32 AM, Daniel Stenberg wrote:
>> On Sat, 11 Jan 2020, shiftag via curl-library wrote:
>>
>>> So it appears the issue is not related to the compilation. The normal
>>> behavior of libcurl is checking /etc/ssl/certs
>>> ,so I rebuild the content
>>> of that directory with .crt files and the symbolink link to .pem with
>>> the symbolink link to the hash (the one generated by c_rehash command).
>> I'd recommend you rather use the configure option
>> --with-ca-bundle=FILE or --with-ca-path=DIRECTORY instead and point
>> out exactly the file and/or path you want your build to use.
>>
>> Or set it at run-time.
>>
> Hi Daniel,
>
> That's what I did, I built libcurl with --with-ca-bundle and
> --with-ca-path but I unfortunately did a wrong copy/paste for curl one.
> I add the options that way:
>
>             --with-ca-bundle=$(PATHDEP)/certs/ca-bundle.crt
>             --with-ca-path=$(PATHDEP)/certs
>
> using the static curl binary in verbose mode I could see both path are
> correct. But I think the issue is related to the certs stuff. As I'm
> using a non-standard path I had to generate/download the ca-bundle, the
> crt files, pem files and the hash. So, curl static binay is checking the
> right path but still I end-up with error 77.

I'm missing the earlier messages in this conversation so I'm not sure if
this has been covered yet but try curl tool options --cacert [1] and
--capath [2]. If those run time options work but the build time options
do not then there may be a bug. However if the run time options do not
work either then there is another issue. Please include verbose output
if you need more help.

[1]: https://curl.haxx.se/docs/manpage.html#--cacert
[2]: https://curl.haxx.se/docs/manpage.html#--capath

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-01-13