AW: CURLE_PEER_FAILED_VERIFICATION

Hello,

I can gladfully say that the problem is now solved.
As Dan said I executed the commandline-version with the --libcurl option, put it into my code for verification and it worked.
The most impotant thing was to add the "curl_easy_setopt(curl, CURLOPT_CAINFO, "c:\\Program Files\\cURL\\bin\\curl-ca-bundle.crt");" to the code.
I also had to use the "CURLOP_USERPWD" option for http-basic-auth instead of my old settings.

Now I tested this several times and it worked without throwing any errors.

Thank you very much fort he help ...

-----Ursprüngliche Nachricht-----
Von: curl-library [mailto:curl-library-bounces_at_cool.haxx.se] Im Auftrag von Sven Appel via curl-library
Gesendet: Dienstag, 7. Juli 2020 14:24
An: curl-library_at_cool.haxx.se
Cc: Sven Appel <sven.appel_at_its-appel.de>
Betreff: CURLE_PEER_FAILED_VERIFICATION

Hello,
I have a problem with a program I'm writing.
The mission is to get a dataset from a webpage using curl.
The data I want to get is secured by a 2-factor authentication. HTTPS with basic-auth and a pck12-certificate with a password.
When using the commandline-version of curl, I have no problems to get the result I'm expecting. But I'm runnig into trouble when I'm using the libcurl-version within my sourcecode.

Fact:
The following syntax is full functional:

curl --cert my_client_cert.p12 --cert-type p12 --pass
pwd_for_my_client_cert.p12 --user webuser:pwd_for_webuser
https://some_webserver.com:12345/getdata?item=01239-876543

The getdata?item represents the subject(itemnumber) for which I want the dataset.

What I going to do is to automate this process to have a program in which I place the mobilenumber as the only input.
The the rest is done by the program like retrieve the json-data from the server, extract the nessessary data to a database.
I am doing this with the C++-builder (XE7) of Embarcadero.
I have placed the files like libcurl.dll and the header-files in the right places. I can compile my program using the libcurl easy interface. So far, there's no problem.
But I got stuck when configuring the curl_easy_setopt-parameters.
With my config I'm only receiving the error 60 which says that there is a problem with the "CURLE_PEER_FAILED_VERIFICATION" " "The remote server's SSL certificate or SSH md5 fingerprint was deemed not OK."
The displayed Message is: "SSL peer certificate or SSH remote ey was not OK"

For better understanding I'm posting a snippet of the code to do basic dataaquisition.
-----------------------------------------------------------
        char* certPath = "C:\\Pat\\to\\Certificate";
        char* certName = "my_client_cert.p12";
        char* certPass = "pwd_for_my_client_cert.p12";
        char* certType = "P12";
        char* webUser = "webuser";
        char* webUserPass = "pwd_for_webuser";
        String webAddress =
"https://some_webserver.de:12345/getdata?mnum=01239876543"+item_nr; // String because the item is coming from an edit-field. The result has to be converted after combining the address with the item.
        char* web_Address = convertToAnsistr(webAddress);
        
        curl = curl_easy_init();

        if(curl){
                curl_easy_setopt(curl, CURLOPT_CAPATH, certPath);
                curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, certType);
                curl_easy_setopt(curl, CURLOPT_SSLCERT, certName);
                curl_easy_setopt(curl, CURLOPT_KEYPASSWD, certPass);
                curl_easy_setopt(curl, CURLOPT_USERNAME, webUser);
                curl_easy_setopt(curl, CURLOPT_PASSWORD, webUserPass);

                // Demo or not? as a debug function
                if(DemoMode == true){
                        curl_easy_setopt(curl, CURLOPT_URL, DemoData);
                        /* example.com is redirected, so we tell libcurl to follow redirection */
                        curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
                }
                if(DemoMode == false){
                        curl_easy_setopt(curl, CURLOPT_URL, web_Address);
                }

                /* Perform the request, res will get the return code */
                res = curl_easy_perform(curl);

                /* Check for errors */
                if(res != CURLE_OK){
                        StatusBar1->Panels->Items[1]->Text =
"curl_easy_perform() failed - Code: "+IntToStr(res);
                        StatusBar1->Panels->Items[2]->Text =
curl_easy_strerror(res);
                }

                /* always cleanup */
                curl_easy_cleanup(curl);
        }
-----------------------------------------------------------

I'm using the following versions:
libcurl.dll 7.71.1
libssl-1_1.dll 1.1.1.7
libcrypto-1_1.dll 1.1.1.7

... and here's the point I'm stuck.
The more I'm trying to solve the prolem the more I feel confused because I think I took the right way to get the result from the server.

Perhabs there's someone out there to lend me a hand to get me back on the right track :) Maybe it's easy, but I can't see the solution.

Many thanks in advice to you

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-07-08