On 12/18/2017 4:28 PM, Thomas van Hesteren via curl-library wrote:
> I have a problem which I have described on stack overflow
> <https://stackoverflow.com/questions/47876555/c-ssl-cert-in-memory-curl-and-openssl-fails-to-add>.
>
> The problem is with adding an in-memory SSL-certificate on an Ubuntu
> machine with the sslctx_function. However, X509_STORE_add_cert always
> returns 0 and therefore my application fails to connect.
>
> What am I doing wrong? On multiple Windows machines this code works great?
>
> (Please see the thread on stack overflow
> <https://stackoverflow.com/questions/47876555/c-ssl-cert-in-memory-curl-and-openssl-fails-to-add>
> for more details)

That is arguably a bug in the example. It's quite possible libcurl may have already loaded the CA certificate that you are trying to load via X509_STORE_add_cert, and so it returns an error. For example your libcurl in Ubuntu may have a CA certificate bundle that was set at build-time and so at runtime it will set that default path [1] and then load them before the CTX callback is called. Set CURLOPT_CAINFO to NULL to override the default.

Also, I've fixed the example to stop treating cert-already-exists as an error [2]. It would be helpful if you could test the changes.

[1]: https://github.com/curl/curl/blob/curl-7_57_0/lib/url.c#L492-L500
[2]: https://github.com/curl/curl/pull/2182
