Hello all, I am using libcurl in an application that I cross-compile to run on a Raspberry Pi. I've built libcurl on openssl. When I attempt to generate an https POST, I get "Peer certificate cannot be authenticated with given CA certificate." In this case, I'm trying to get my application to talk to Google.
After reading http://curl.haxx.se/docs/sslcerts.html, I tried this: $ sudo apt-get install ca-certificates, which did appear to install correctly. But still no change in using libcurl from my application. I also read somewhere that adding the ca-bundle.crt linked to from http://curl.haxx.se/docs/caextract.html would solve my problem - no change after trying that, either. I don't have a good understanding of certificates or how to work with them. Here is what I think I know: - I'm ignoring all of the many search results that describe how to "self-sign" certificates, because this would apply only if I were getting this message while trying to connect to a server that no one has ever heard of before; certificates for Google or other well-known sites I expect to be included in "standard" certificate bundles. - I don't want to use curl_easy_setopt(curl, CURLOPT_CAPATH, capath)because I've never had to use it for my natively-compiled applications (I do often build libcurl from source, but I've never had to link against an encryption library that I've built myself, which I did do in this case). Is there a reason I should reconsider and use this now? I expected that installing the distribution's ca-certificate bundle would have just worked. So I have a couple of questions: - What does the configure option --with-ca-bundle do? Does this just specify a path to search, or do the certificates actually get included in library binaries? I'm guessing the former, since the certificates need to be updated periodically? - Should I have expected installing the Raspian ca-certificate bundle to solve this issue? Why wouldn't it work? Detailed output from libcurl while I try to connect: * Trying 216.58.219.205... * Connected to accounts.google.com (216.58.219.205) port 443 (#0) * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * SSL certificate problem: unable to get local issuer certificate * Closing connection 0 Thanks, Kerry
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
