Am 25.08.2015 um 22:50 schrieb Daniel Stenberg:
On Tue, 25 Aug 2015, Volker Schmid wrote:
Version:7.43.0
Host: i386-apple-darwin14.0
SSL Version: SecureTransport
ZLib version: 1.2.5
Features: CURL_VERSION_SSL + CURL_VERSION_NTLM + CURL_VERSION_IPV6 +
CURL_VERSION_LIBZ + CURL_VERSION_ASYNCHDNS
Now I try to assign a CAPATH using CURLOPT_CAPATH value for function
curl_easy_setopt(). The provided value is "/System/Library/Keychains/"
(without quotes, folder exists). The result of the call is error 4
(CURLE_NOT_BUILT_IN).
The reason for this is actually mentioned in the man page for this option:
This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The
NSS backend provides the option only for backward compatibility.
... meaning that the SecureTransport backend does not support CURLOPT_CAPATH.
Thanks for the answer. Ok, I understand. But on MacOS I also do not have some
cacerts.pem file usable with CURLOPT_CAINFO. So how to make this working? Or do
I need to provide this file?
I do not need self signed certificates to work but what is the correct way?
Maybe I do not even have to use CURLOPT_CAPATH or CURLOPT_CAINFO on MacOS at
all? Sadly I can not test that much on the customers machine. So best is to
know the correct way before sending him a test version...
Or should I ignore the error 4 if ssl version is "SecureTransport" on MacOS and
simply continue?
Any idea what might be wrong here? Is it my code (worked fine for about 20
Macs in the past 5 months) or is there something else? Maybe the most recent
MacOS update broke something?
I'm pretty sure it only worked while the Macs were still providing libcurl
versions built to use openssl, which they stopped with a while ago when they
switched over to building libcurl with the SecureTransport backend.
I know it working on some standard Mac 10.10 Yosemite machines a few weeks ago
with no problems! It looks like the last Mac updates have changed this...
Best,
Volker
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
