Re: Connections fail on iOS with Secure Transport
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 3 Oct 2023 17:42:58 +0200 (CEST)
On Tue, 3 Oct 2023, Andrew Patterson via curl-library wrote:
> Trying [redacted]:443...
> Connected to [redacted] ([redacted]) port 443 (#0)
> ALPN, offering http/1.1
> TLSv1.2 (OUT), TLS handshake, Client hello (1):
> TLSv1.2 (IN), TLS handshake, Server hello (2):
> TLSv1.2 (IN), TLS handshake, Certificate (11):
> TLSv1.2 (OUT), TLS alert, unknown CA (560):
> SSL certificate problem: self signed certificate in certificate chain
> Closing connection 0

This is your problem, which seems unrelated to CURLOPT_CAINFO. Setting it to
NULL is what you want.

"self signed certificate in certificate chain" sounds like a valid reason to
not accept the connection.

However: the only place it seems possible for libcurl to output that error
message is in the OpenSSL backend. Not the Secure Transport backend.

https://github.com/curl/curl/blob/83ec54e1b9dcf3482d8c98ee3b3c08d054bb694b/lib/vtls/openssl.c#L3938

--
 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://curl.se/support.html

Received on 2023-10-03