curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder Daniel himself.

Re: Having an issue with gnutls and libcurl 8.8.0

From: Robert Brose via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 25 Jul 2024 12:14:39 -0500

On 7/25/24 10:48 AM, Stefan Eissing wrote:
>> Am 25.07.2024 um 17:07 schrieb Robert Brose via curl-library<curl-library_at_lists.haxx.se>:
>>
>> Upgrading some libraries going from curl 8.4.0 with gnutls 3.7.10 (stable at the time) and nettle 3.9 (stable at the time) to
>> curl 8.8.0 (stable when I started updating) with gnutls 3.7.11 (current stable) and nettle 3.10 (current stable). Building on 64 bit debian bullseye.
>>
>> I specify curl_easy_setopt(m_cURLFile->handle.curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1)
>> My code hasn't changed between the working combo of curl 8.4.0/gnutls 3.7.10/nettle 3.9
>>
>> but https connections no longer work unless I disable VERIFYPEER and VERIFYHOST, they fail with error 43 otherwise. I specify the debian ca-certificates.crt in the build as always.
>>
>> Is there an issue with the combinations of curl versions and gnutls/nettle versions? Is there a place I can find the minimum required versions of these libraries?
> Just build the curl 8.8.0 with a gnutls 3.7.10 freshly on macOS and see no problem with a command like
>> ./src/curl -v --trace-config sslhttps://curl.se

Thanks, I gave that a try and it didn't show any debug info with the
VERIFYPEER and VERIFYHOST options enabled. It did however with them
disabled. Noticing a couple of references to gnutls in the changelog of
8.9.0 I switched to 8.9.0 and now it works so I assume gnutls is broken
in 8.8.0. Best, Bob

-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2024-07-25