Hi, Thank you for your responses. In fact,I am compiling with openembedded, I dont have "openssl" executable in my embedded platform. I have only .so files. could that lead to the problem that I am facing ?
Thank you ! 2014-01-07 Dima Tisnek <[email protected]> > please validate both platforms with "openssl s_client" first. > when it comes to embedded, the first error cause that comes to mind is > wrong or unset system time. date and time are required to validate > certificate chain. > > On 3 January 2014 18:43, bill dr <[email protected]> wrote: > > Hi all, > > I am using libcurl to download files from a https server using self > > signed cert file. > > The small code that I wrote is working on my ubuntu PC but not working > > in the target plateform. > > I tested also with command line curl and I had the same certification > issue. > > The two plateforms are quite diffrent but I don't know the root cause > > of this problem. > > > > following the used command in both platforms and the output that I > > have got + the result of curl -V command in both platforms : > > > > > > > > curl -v --digest --noproxy 10.1.1.93 --user test:test --cacert > > server.crt https://10.1.1.93/test.txt > > > > > > > ---------------------------------------------------------------------------------------------- > > result in PC: > > > > > > * About to connect() to 10.1.1.93 port 443 (#0) > > * Trying 10.1.1.93... connected > > * Connected to 10.1.1.93 (10.1.1.93) port 443 (#0) > > * successfully set certificate verify locations: > > * CAfile: server.crt > > CApath: /etc/ssl/certs > > * SSLv3, TLS handshake, Client hello (1): > > * SSLv3, TLS handshake, Server hello (2): > > * SSLv3, TLS handshake, CERT (11): > > * SSLv3, TLS handshake, Server key exchange (12): > > * SSLv3, TLS handshake, Server finished (14): > > * SSLv3, TLS handshake, Client key exchange (16): > > * SSLv3, TLS change cipher, Client hello (1): > > * SSLv3, TLS handshake, Finished (20): > > * SSLv3, TLS change cipher, Client hello (1): > > * SSLv3, TLS handshake, Finished (20): > > * SSL connection using DHE-RSA-AES256-SHA > > * Server certificate: > > * subject: ............... > > * start date: 2013-12-19 11:30:22 GMT > > * expire date: 2023-12-17 11:30:22 GMT > > * common name: 10.1.1.93 (matched) > > * issuer:...................... > > * SSL certificate verify ok. > > * Server auth using Digest with user 'test' > >> GET /suota_manifest.json HTTP/1.1 > >> User-Agent: curl/7.19.7 (i486-pc-linux-gnu) libcurl/7.19.7 > OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 > >> Host: 10.1.1.93 > >> Accept: */* > > > > > -------------------------------------------------------------------------------------------- > > > > curl -V > > curl 7.19.7 (i486-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k > > zlib/1.2.3.3 libidn/1.15 > > Protocols: tftp ftp telnet dict ldap ldaps http file https ftps > > Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz > > > > > ---------------------------------------------------------------------------------------------- > > > > > > result in embedded plateform: > > > > > > > > * About to connect() to 10.1.1.93 port 443 (#0) > > * Trying 10.1.1.93... > > * connected > > * Connected to 10.1.1.93 (10.1.1.93) port 443 (#0) > > * successfully set certificate verify locations: > > * CAfile: server.crt > > CApath: none > > * SSLv3, TLS handshake, Client hello (1): > > * SSLv3, TLS handshake, Server hello (2): > > * SSLv3, TLS handshake, CERT (11): > > * SSLv3, TLS alert, Server hello (2): > > * SSL certificate problem, verify that the CA cert is OK. Details: > > error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate > > verify failed > > * Closing connection #0 > > curl: (60) SSL certificate problem, verify that the CA cert is OK. > Details: > > error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate > > verify failed > > More details here: http://curl.haxx.se/docs/sslcerts.html > > > > curl performs SSL certificate verification by default, using a "bundle" > > of Certificate Authority (CA) public keys (CA certs). If the default > > bundle file isn't adequate, you can specify an alternate file > > using the --cacert option. > > If this HTTPS server uses a certificate signed by a CA represented in > > the bundle, the certificate verification probably failed due to a > > problem with the certificate (it might be expired, or the name might > > not match the domain name in the URL). > > If you'd like to turn off curl's verification of the certificate, use > > the -k (or --insecure) option. > > > > > ---------------------------------------------------------------------------------------------- > > > > curl -V > > curl 7.24.0 (arm-angstrom-linux-gnueabi) libcurl/7.24.0 OpenSSL/1.0.0j > > zlib/1.2.6 libidn/1.24 > > Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s > > rtsp smtp smtps telnet tftp > > Features: IDN NTLM NTLM_WB SSL libz > > > > > ---------------------------------------------------------------------------------------------- > > > > Could you please help me to find what is going wrong ? > > Thank you! > > ------------------------------------------------------------------- > > List admin: http://cool.haxx.se/list/listinfo/curl-library > > Etiquette: http://curl.haxx.se/mail/etiquette.html > ------------------------------------------------------------------- > List admin: http://cool.haxx.se/list/listinfo/curl-library > Etiquette: http://curl.haxx.se/mail/etiquette.html >
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
