Re: CURLE_SSL_CACERT_BADFILE error for HTTPS URL

From: shiftag via curl-library <curl-library_at_cool.haxx.se>
Date: Mon, 13 Jan 2020 16:06:04 +0400

On 1/13/20 7:28 AM, Ray Satiro via curl-library wrote:
> On 1/12/2020 10:49 AM, shiftag via curl-library wrote:
>> On 1/12/20 1:32 AM, Daniel Stenberg wrote:
>>> On Sat, 11 Jan 2020, shiftag via curl-library wrote:
>>>
>>>> So it appears the issue is not related to the compilation. The normal
>>>> behavior of libcurl is checking /etc/ssl/certs, so I rebuilt the content
>>>> of that directory with .crt files and the symbolic link to .pem with
>>>> the symbolic link to the hash (the one generated by c_rehash command).
>>> I'd recommend you rather use the configure option
>>> --with-ca-bundle=FILE or --with-ca-path=DIRECTORY instead and point
>>> out exactly the file and/or path you want your build to use.
>>>
>>> Or set it at run-time.
>>>
>> Hi Daniel,
>>
>> That's what I did, I built libcurl with --with-ca-bundle and
>> --with-ca-path but I unfortunately did a wrong copy/paste for curl one.
>> I added the options this way:
>>
>>             --with-ca-bundle=$(PATHDEP)/certs/ca-bundle.crt
>>             --with-ca-path=$(PATHDEP)/certs       
>>
>> Using the static curl binary in verbose mode I could see both paths are
>> correct. But I think the issue is related to the certs stuff. As I'm
>> using a non-standard path I had to generate/download the ca-bundle, the
>> crt files, pem files and the hash. So, curl static binary is checking the
>> right path but still I end up with error 77.
>
>
> I'm missing the earlier messages in this conversation so I'm not sure
> if this has been covered yet but try curl tool options --cacert [1]
> and --capath [2]. If those run time options work but the build time
> options do not then there may be a bug. However if the run time
> options do not work either then there is another issue. Please include
> verbose output if you need more help.
>
> [1]: https://curl.haxx.se/docs/manpage.html#--cacert
> [2]: https://curl.haxx.se/docs/manpage.html#--capath
>

Following my previous post:

$ /tmp/dependencies/install/bin/curl --cacert /usr/share/curl/ca-bundle.crt --capath /etc/ssl/certs -L -v https://www.google.com
*   Trying 216.239.32.117:443...
* TCP_NODELAY set
* Connected to www.google.com (216.239.32.117) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* error setting certificate verify locations:
  CAfile: /usr/share/curl/ca-bundle.crt
  CApath: /etc/ssl/certs
* Closing connection 0
curl: (77) error setting certificate verify locations:
  CAfile: /usr/share/curl/ca-bundle.crt
  CApath: /etc/ssl/certs

So even when using a standard path, a static build of libcurl and openssl
does not seem to work.

Received on 2020-01-13
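
Added example (not part of the original mail and not curl project code): a shell pre-flight check of the two locations curl prints with error 77, assuming a usable CAfile is a readable file with at least one PEM certificate block and a usable CApath holds c_rehash-style hash-named entries that resolve to readable files. The function names check_ca_file and check_ca_path are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the CAfile/CApath pair that curl reports
# with error 77. It checks structure and permissions only; it does not parse
# the certificates. Function names are hypothetical.

# check_ca_file FILE: succeed if FILE is a readable regular file (symlinks are
# followed) containing at least one PEM certificate block.
check_ca_file() {
    f=$1
    if [ -L "$f" ] && [ ! -e "$f" ]; then echo "CAfile $f: dangling symlink"; return 1; fi
    [ -f "$f" ] || { echo "CAfile $f: missing or not a regular file"; return 1; }
    [ -r "$f" ] || { echo "CAfile $f: not readable by $(id -un)"; return 1; }
    # grep -c exits non-zero on a zero count, so keep "set -e" callers alive.
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f" || true)
    [ "$n" -gt 0 ] || { echo "CAfile $f: no PEM certificate blocks"; return 1; }
    echo "CAfile $f: $n PEM certificate block(s)"
}

# check_ca_path DIR: succeed if DIR is a searchable directory holding at least
# one c_rehash-style entry (8 hex digits, a dot, a number) and every such
# entry resolves to a readable regular file.
check_ca_path() {
    d=$1
    [ -d "$d" ] || { echo "CApath $d: missing or not a directory"; return 1; }
    { [ -r "$d" ] && [ -x "$d" ]; } || { echo "CApath $d: not searchable"; return 1; }
    good=0
    bad=0
    for e in "$d"/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*; do
        [ -e "$e" ] || [ -L "$e" ] || continue   # glob matched nothing
        if [ -f "$e" ] && [ -r "$e" ]; then
            good=$((good + 1))
        else
            bad=$((bad + 1))
            echo "CApath $d: $e does not resolve to a readable file"
        fi
    done
    echo "CApath $d: $good usable hash entries, $bad broken"
    [ "$good" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage: sh check-ca.sh /path/to/ca-bundle.crt /path/to/certs
if [ "$#" -eq 2 ]; then
    rc=0
    check_ca_file "$1" || rc=1
    check_ca_path "$2" || rc=1
    exit "$rc"
fi
```

Run it as the same user and in the same root filesystem as the failing curl binary, since the result only applies to the process that actually opens the files.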