On Mon, Aug 20, 2012 at 2:14 AM, Chris Baylis <chrisba...@gmail.com> wrote:
> Thank you all for your input. It lead me to a little investigation and > as it turns out I didn't know what I was doing with the keys. > Originally the client key was signed by the client itself. I now have > client keys, signed by the web server. And can run simplessl.c with my > keys and curl_easy_setopt(curl,CURLOPT_CAINFO,pCACertFile) disabled. > Curious though how `curl -E cert url` worked in the original > scenerario when simplessl.c did not. Judging by the outputs in your original email, command-line curl was looking in the /etc/ssl/certs *directory* for a CA cert to validate the server, whereas the compiled program was looking either in the /etc/ssl/certs/ca-certificates.crt *file* (as shown in the output), or in the cert.pem *file* (as shown in the source snippet). So, maybe the CA cert for your server is sitting in the directory, but is not appended to whichever file was read? Ralph Mitchell
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html