curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Cross-compiled generating error 77 in application

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 19 Jun 2020 03:17:16 -0400

On 6/18/2020 1:27 PM, Peter Bushnell via curl-library wrote:
> Have added curl source to build a statically compiled libcurl.a to a
> multi-platform application which cross-compiles binaries for on Linux
> for Windows and Mac. The application on Linux and Mac work as
> expected, but when calling curl_easy_perform with a HTTPS URL a 77
> error code is returned. During configure the following ca bundle path
> is set.
>
> /etc/ssl/certs/ca-certificates.crt
>
> When configuring for Windows the same cert is set which can obviously
> not be found in a Windows environment. Hoping that I only need to set
> --with-ca-path or --with-ca-bundle but I've not been able to work out
> what it should be set to. The advice I've seen online is for people to
> download the cert which allows my cross-compiled curl.exe to work with
> SSL, but does not seem to work if placed in the same directory as the
> application. Tried setting the CA bundle path to ./ without luck and
> also tried SSPI but that did not make a difference.
>
> Setting the following allows calls to HTTPS to work, this shows that
> libcurl has been successfully compiled, linked and can work but
> obviously this is not desired behaviour.
>
> curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
>
> Compiling with the following configure options:
>
> ./configure --disable-shared --enable-static --disable-ldap
> --disable-sspi --without-librtmp --disable-ftp --disable-file
> --disable-dict --disable-telnet --disable-tftp --disable-rtsp
> --disable-pop3 --disable-imap --disable-smtp --disable-gopher
> --disable-smb --host=x86_64-w64-mingw32
>
> Configure output:
>
> configure: Configured to build curl/libcurl:
>
>   Host setup:       x86_64-w64-mingw32
>   Install prefix: /mnt/d/github/pyrk-win64/depends/x86_64-w64-mingw32
>   Compiler:         x86_64-w64-mingw32-gcc
>    CFLAGS:          -pipe -O2 -pthread
>    CPPFLAGS:        -isystem
> /mnt/d/github/pyrk-win64/depends/x86_64-w64-mingw32/include -isystem
> /mnt/d/github/pyrk-win64/depends/x86_64-w64-mingw32/include
>    LDFLAGS: -L/mnt/d/github/pyrk-win64/depends/x86_64-w64-mingw32/lib
> -L/mnt/d/github/pyrk-win64/depends/x86_64-w64-mingw32/lib
>    LIBS:            -lssl -lcrypto -lssl -lcrypto -lgdi32 -lws2_32
>
>   curl version:     7.70.0
>   SSL:              enabled (OpenSSL)
>   SSH:              no      (--with-{libssh,libssh2})
>   zlib:             no      (--with-zlib)
>   brotli:           no      (--with-brotli)
>   GSS-API:          no      (--with-gssapi)
>   TLS-SRP:          enabled
>   resolver:         POSIX threaded
>   IPv6:             enabled
>   Unix sockets:     no      (--enable-unix-sockets)
>   IDN:              no      (--with-{libidn2,winidn})
>   Build libcurl:    Shared=no, Static=yes
>   Built-in manual:  enabled
>   --libcurl option: enabled (--disable-libcurl-option)
>   Verbose errors:   enabled (--disable-verbose)
>   Code coverage:    disabled
>   SSPI:             no      (--enable-sspi)
>   ca cert bundle:   /etc/ssl/certs/ca-certificates.crt
>   ca cert path:     no
>   ca fallback:      no
>   LDAP:             no      (--enable-ldap / --with-ldap-lib /
> --with-lber-lib)
>   LDAPS:            no      (--enable-ldaps)
>   RTSP:             no      (--enable-rtsp)
>   RTMP:             no      (--with-librtmp)
>   Metalink:         no      (--with-libmetalink)
>   PSL:              no      (libpsl not found)
>   Alt-svc:          no      (--enable-alt-svc)
>   HTTP2:            disabled (--with-nghttp2)
>   HTTP3:            disabled (--with-ngtcp2, --with-quiche)
>   ESNI:             no      (--enable-esni)
>   Protocols:        HTTP HTTPS
>   Features:         SSL IPv6 AsynchDNS NTLM TLS-SRP HTTPS-proxy
>
> Any help on this would be appreciated.
>
On Windows the curl command line tool (curl.exe) will check environment
variables like CURL_CA_BUNDLE and if not found then search paths.
[1][2][3] libcurl doesn't do that, if you have no compile-time path then
you would need to detect the location yourself and use CURLOPT_CAINFO
[4] to set it.

If you use the Schannel backend (native WIndows SSL) instead of OpenSSL
then you do not need a separate bundle of certificates, the Windows OS
certificate store is used by default. The next version of curl (7.71, to
be released next week) will support that for OpenSSL but not by default,
you would use CURLSSLOPT_NATIVE_CA [5] to enable it.

[1]: https://curl.haxx.se/docs/sslcerts.html
[2]:
https://github.com/curl/curl/blob/curl-7_70_0/src/tool_operate.c#L2261-L2339
[3]:
https://github.com/curl/curl/blob/curl-7_70_0/src/tool_doswin.c#L598-L644
[4]: https://curl.haxx.se/libcurl/c/CURLOPT_CAINFO.html
[5]: https://curl.haxx.se/libcurl/c/CURLOPT_SSL_OPTIONS.html

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-06-19