Re: difficulties with SSL certs
From: Dennis Clarke via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 8 Apr 2021 11:49:00 -0400
On 4/8/21 5:41 AM, Patrick Monnerat via curl-library wrote:
>
.
.
.
>> europa$ grep '89:80:cc:26' /opt/bw/ssl/certs/*
>> /opt/bw/ssl/certs/USERTrust_ECC_Certification_Authority.pem:
>> 5c:8b:99:c5:5a:94:c5:d2:71:56:de:cd:89:80:cc:26
>> europa$ grep '0e:35:03:2d' /opt/bw/ssl/certs/*
>> /opt/bw/ssl/certs/USERTrust_RSA_Certification_Authority.pem:
>> 01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
>>
>>
>> Those are exactly what is needed.
>
> If you use ca-path rather than ca-bundle with openssl, certificates in
> that directory have to be named according to a hash in order to be found
> by openssl.
>
> To create a soft link properly named use:
>
> ln -s <certname> `openssl x509 -in <certname> -noout -hash`.0
>
> There is also a command to hash a whole directory:
> https://www.openssl.org/docs/manmaster/man1/c_rehash.html
>
Brilliant! Thank you. For quite some time I did wonder where those
file numbers/names were coming from:
alpha$ cd /opt/bw/ssl/certs
alpha$ ls -lapb
total 1802
drwxr-xr-x 2 root root 595 Jul 12 2020 ./
drwxr-xr-x 5 root root 9 Mar 27 00:35 ../
lrwxrwxrwx 1 root root 26 Jan 20 2019 00673b5b.0 -> thawte_Primary_Root_CA.pem
lrwxrwxrwx 1 root root 45 Jan 20 2019 02265526.0 -> Entrust_Root_Certification_Authority_-_G2.pem
lrwxrwxrwx 1 root root 23 Jan 20 2019 02756ea4.0 -> Certplus_Root_CA_G1.pem
lrwxrwxrwx 1 root root 31 Jan 20 2019 02b73561.0 -> Comodo_Secure_Services_root.pem
.
.
.
etc etc etc
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional

Received on 2021-04-08
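The CApath naming rule discussed in this thread, as an added example that is not part of the original messages: a POSIX shell sketch that reports certificates in a CA directory with no `<hash>.<n>` link and creates missing links, moving to the next suffix when two different certificates share a subject hash. The function names are hypothetical; it assumes `openssl` is on the PATH and that each `*.pem` file holds a single certificate.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit and repair an OpenSSL CApath.

# Subject-name hash that OpenSSL uses as the lookup file name in a CApath.
cert_hash() { openssl x509 -in "$1" -noout -hash 2>/dev/null; }

# SHA-256 fingerprint, used to tell "same cert" from "same subject, other cert".
cert_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null; }

# Link <dir>/<cert> as <hash>.<n>, taking the first free n. Prints the link name.
# If the same certificate is already reachable under that hash, reuse that link.
link_cert() {
    dir=$1; cert=$2
    h=$(cert_hash "$dir/$cert") || return 1
    [ -n "$h" ] || return 1
    fp=$(cert_fp "$dir/$cert")
    n=0
    while [ -e "$dir/$h.$n" ] || [ -L "$dir/$h.$n" ]; do
        if [ "$(cert_fp "$dir/$h.$n")" = "$fp" ]; then
            echo "$h.$n"; return 0
        fi
        n=$((n + 1))    # slot taken by a different cert (or a dangling link)
    done
    ln -s "$cert" "$dir/$h.$n" && echo "$h.$n"
}

# Report every *.pem in <dir> that OpenSSL could not find through a hash link.
audit_capath() {
    dir=$1
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue
        h=$(cert_hash "$f") || { echo "UNREADABLE $(basename "$f")"; continue; }
        fp=$(cert_fp "$f"); found=no
        for l in "$dir/$h".*; do
            [ -e "$l" ] && [ "$(cert_fp "$l")" = "$fp" ] && found=yes
        done
        [ "$found" = yes ] || echo "MISSING $(basename "$f") (expected $h.N)"
    done
}
```

Running `audit_capath /path/to/certs` before pointing `--capath` at a directory shows which CA files would be ignored during verification.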