curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Connections fail on iOS with Secure Transport

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 3 Oct 2023 17:42:58 +0200 (CEST)

On Tue, 3 Oct 2023, Andrew Patterson via curl-library wrote:

> Trying [redacted]:443...
> Connected to [redacted] ([redacted]) port 443 (#0)
> ALPN, offering http/1.1
> TLSv1.2 (OUT), TLS handshake, Client hello (1):
> TLSv1.2 (IN), TLS handshake, Server hello (2):
> TLSv1.2 (IN), TLS handshake, Certificate (11):
> TLSv1.2 (OUT), TLS alert, unknown CA (560):
> SSL certificate problem: self signed certificate in certificate chain
> Closing connection 0

This is your problem, which seems unrelated to CURLOPT_CAINFO. Setting it to
NULL is what you want.

"self signed certificate in certificate chain" sounds like a valid reason to
not accept the connection.

However: the only place it seems possible for libcurl to output that error
message is in the OpenSSL backend. Not the Secure Transport backend.

https://github.com/curl/curl/blob/83ec54e1b9dcf3482d8c98ee3b3c08d054bb694b/lib/vtls/openssl.c#L3938

-- 
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://curl.se/support.html
-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2023-10-03