Hi Alex,
Am 13.03.2012 19:22, schrieb Alex Loukissas:
I've been trying to remove the requirement of having to bundle a
certificate file, as described here
[http://curl.haxx.se/docs/caextract.html], by using the appropriate
methods from openSSL to extract certificates from the Windows
certificate store. However, when trying to replace the ca-bundle.crt
with the file that my code creates, curl throws me an error:
Error: [77] - error setting certificate verify locations:
CAfile: C:\Program Files\Client\ca-bundle.crt
CApath: none
Any idea of what I could be missing here? I'll briefly describe what I'm
doing below so that readers have a clearer picture:
I believe the easiest way to find out would be to compare the results of
your file against one created by our tools; problems like these might be
related to f.e. different char enconding ...
1. Use the crypt32 API to open the certificate store and iterate through
the installed certificates. Of these, I only use the ones with "Enhanced
Key Usage" is Client Authentication or Server Authentication or All
(i.e. discarding those with timestamp signing, etc), and of course those
which aren't expired.
2. Use the X.509 and PEM API from openSSL to decode these certificates
and write the public key portion of them to the generated file.
Any ideas? I really doubt that Windows-bundled certificates (they come
from Verisign, Thawte, etc) aren't valid for common use. If this works,
it would nicely eliminate the pain of having to bundle up certificate
files with apps using cURL and I'd be happy to share the complete code.
You dont have to bundle ca-files but can always let the user create
fresh ones self with the scripts we provide for this; but nevertheless
I'm interested into your code, and probably I can narrow doen the issue
you see, so are you willing to share it with us? Either send it to me
directly, or attach it here as file if you want to let others play wih
it too.
thanks, Gün.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
