Re: difficulties with SSL certs
From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 8 Apr 2021 08:23:17 +0200 (CEST)
On Thu, 8 Apr 2021, Dennis Clarke via curl-library wrote:
> So I looked into the location where the ssl certs "should" be given my
> curl config :
>
> $ ./configure ...
> --with-ca-path=/opt/bw/ssl/certs \
Note that this is the *ca path* where OpenSSL expects to find individual certs
stored.
You use --with-ca-bundle to specify a "bundle" as a single file.
OpenSSL supports both setups.
> So I expect that the cacert.pem file at
>
> https://curl.se/docs/caextract.html
>
> would solve all my problems however :
>
> europa$ ls -lapb /opt/bw/ssl/certs/
> total 350
> drwxr-xr-x 2 root wheel 3 Apr 8 02:35 ./
> drwxr-xr-x 5 root wheel 9 Apr 7 00:14 ../
> -rw-r--r-- 1 root wheel 208075 Jan 19 04:12 cacert.pem
> europa$
>
> This does not help at all and even OpenSSL seems confused.
Exactly, because you now put the bundle in the directory where OpenSSL expects
a directory setup.
You should rather try your downloaded bundle like this:
$ curl --cacert /opt/bw/ssl/certs/cacert.pem -4 -L https://gitlab.com/ -o /dev/null
... it certainly works for me!
--
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://www.wolfssl.com/contact/
Received on 2021-04-08
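
The distinction made in the reply above (a CA directory of individual certs versus a single-file bundle) can be checked before pointing curl at a location. The script below is an added example, not part of the original message and not curl or OpenSSL code; the function names and result strings are hypothetical. It assumes that a usable CA directory contains entries named as an 8-hex-digit hash plus a numeric suffix, and it checks file names only, not that the hashes match the certificates.

```shell
#!/bin/sh
# Added example: classify a CA location. Result strings are hypothetical:
#   bundle               single PEM file   -> curl --cacert / --with-ca-bundle
#   capath               hashed directory  -> curl --capath / --with-ca-path
#   bundle-in-capath-dir bundle file inside a directory with no hashed entries
#   unhashed-dir, not-pem, missing         nothing usable found

# Number of PEM certificate blocks in a file (0 if none or unreadable).
count_certs() {
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null) || n=0
    echo "${n:-0}"
}

classify_ca_location() {
    loc=$1
    if [ -f "$loc" ]; then
        if [ "$(count_certs "$loc")" -gt 0 ]; then echo bundle; else echo not-pem; fi
        return 0
    fi
    if [ ! -d "$loc" ]; then echo missing; return 0; fi
    hashed=0; bundles=0
    # Assumption: CA directory entries are named <8 hex digits>.<number>
    for f in "$loc"/*; do
        [ -f "$f" ] || continue
        case ${f##*/} in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                hashed=$((hashed + 1)) ;;
            *)
                if [ "$(count_certs "$f")" -gt 1 ]; then bundles=$((bundles + 1)); fi ;;
        esac
    done
    if [ "$hashed" -gt 0 ]; then echo capath
    elif [ "$bundles" -gt 0 ]; then echo bundle-in-capath-dir
    else echo unhashed-dir
    fi
}

# Constructed sample: a directory holding only a two-certificate cacert.pem,
# as in the quoted ls output. Certificate bodies are placeholders.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    for i in 1 2; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' "PLACEHOLDER$i" '-----END CERTIFICATE-----'
    done > "$d/cacert.pem"
    echo "$d"
}

# With a path argument classify it; otherwise classify the constructed sample.
if [ "$#" -gt 0 ]; then classify_ca_location "$1"
else s=$(make_sample_dir) && classify_ca_location "$s" && rm -rf "$s"; fi
```

A result of bundle-in-capath-dir corresponds to the setup in the quoted message: the file should be passed with --cacert rather than the directory being used as the CA path.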