Arun Victor <[email protected]> wrote:
>Hi all,
>
>I've built libcurl with Darwin SSL (configured with the
>'--with-darwinssl' option). The sunny-day scenarios of using trusted
>certificates work just fine. Problem is that it does not seem to
>recognize self-signed certificates - I get a -9824 error
>(errSSLPeerHandshakeFail) from the Mac OS X Security / Secure Transport
>framework. Has anyone tried this successfully? i.e. use libcurl with
>Darwin SSL and self-signed certs?
>
>This is what I've done to import the cert into the Security Keychain -
>
>1. Opened Keychain Access and imported the cert (in .pem format
>with ---BEGIN CERTIFICATE---, ---END CERTIFICATE--- tags) to 'System'
>and 'login' Keychains.
>
>2. I read a post that said it needs to be in the X509Anchors
>Keychain, which I did not see. So I created a new Keychain called
>'X509Anchors' and imported it into that Keychain as well.
>
>3. Opened my self-signed certificate in Keychain Access, expanded
>the 'Trust' section, and selected 'Always Trust'
>
>4. Read about deleting ~/Library/Preferences/com.apple.security.*
>and did that.
>
>Thanks,
>Arun.

Did you disable the peer verification?

Self-signed certificates are designed to be used as a trust anchor, not a host certificate. Depending on how you read the RFCs DarwinSSL is doing the right thing IMHO.

Alternatively you can sign a (host) certificate from that self-signed cert.

Oscar

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
