Using curl 7.56.0, built against openssl-1.0.2l, I am using curl_easy_perform() to post to a server and receive results into a file using the CURLOPT_WRITEDATA and an open file handle.
This worked fine under both OSX and Windows using an http url, but when I use https, having installed certificates on the aws-linux server, I find that while OSX still works fine, Windows (v10) now fails with error 60, "Peer certificate cannot be authenticated with given CA certificates".

The certs are cheap ones - PositiveSSL via Comodo. Reading https://curl.haxx.se/docs/sslcerts.html, I think I understand that this depends on the CA "store" being used on the OS, so my guess was that OSX is trusting PositiveSSL, but Windows is not. But, I find that if I navigate to this site with MS Edge, which presumably uses the same OS CA-store, it is fine with the https site, using those same certs.

I see in the doc referenced that I can defeat the peer validation with curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE), but I'd prefer a better solution, which may be just buying better certs? This is software that is to be distributed and used by lots of folks, so it's not an option to just update the CA store on my Windows machine so that this cert is trusted.

Thanks for any help with this.

Thomas Blom in Austin, TX
