On 11-10-12 07:16, bala suru wrote:
> Hi,
> I have converted my certificates which are DER form to PEM using below
> openssl command
> *
>
> openssl x509 -in root.x509 -inform DER -out root.crt -outform PEM
>
> *
> And try to excute the curl client with error buffer set , I get the below
> error while doing
>
> *223: SSL: couldn't get X509-subject!
> curl_easy_perform() failed: SSL connect error error no is 35 .*
> **
> I checked my cert with
> *openssl x509 -in root.crt -inform PEM -noout -text *
> **
> and it shows that certificate does not have subject .
> **
> Now is it mandatory to have the certificate with subject ..
>
> How to display this at curl part ..?
Hi,
with the verbose options I can typically figure out what is going on with
(lib)curl failing.
According to RFC 5280[1] section "4.1.2.6. Subject" the subject is required
to be set if we're working with a CA. This might be the probable cause of
the failure. For normal certificates you can either use Subject or
SubjectAltNames or both.
I think you are using a CA certificate as a host certificate and libcurl
expects either the subjectaltname or subject name to be set.
Depending upon your choices you can:
- Create a new certificate, and make sure there is a subject
- (unsure solution) Add a subjectaltname to your (CA) certificate
- (unsure solution) Disable host name verification in (lib)curl
Oscar
[1]: http://www.ietf.org/rfc/rfc5280.txt
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
