Connections fail on iOS with Secure Transport

From: Andrew Patterson via curl-library
Date: Sun, 1 Oct 2023 12:56:22 -0400


We've been using libcurl for years but for a long time we were running with
peer validation disabled. I know that's terrible, and it wasn't my
decision, but I'm attempting to remedy it now.

It took a couple of hours, but I figured out how to get SSL working
correctly with libcurl on Android, but I've been stymied on iOS. We were
linking it with OpenSSL (like on Android) but I couldn't figure out where
to find the certificates on iOS. I know I could upload the cacert.pem from
the libcurl website, but I'd like to get this working in a way that doesn't
require us to keep updating the certificates if I could.

To that end, one of my colleagues wondered why we weren't just using the
Secure Transport option -- and that seemed like a good question. I had no
problem building it (we use CMake, so I added -DCMAKE_USE_SECTRANSP=ON) but
I still can't connect when attempting a network connection with peer
verification enabled. I'm very confident that the secure transport code is
being utilized, because the error message (see below) comes
from lib/vtls/sectransp.c.

I hooked up the debug callback and got this (text only):

  Trying [REDACTED]:443...
Debug: Connected to [REDACTED] ([REDACTED]) port 443 (#0)
Debug: ALPN, offering http/1.1
Debug: SSL: can't load CA certificate file /etc/ssl/cert.pem
Debug: Closing connection 0

Additional information: curlResult was 77.

Any idea what I'm doing wrong? I really thought switching to Secure
Transport would be the silver bullet so I'd appreciate any suggestions,
regardless of whether they're build step or code related!


Andrew Patterson

Received on 2023-10-01