вт, 17 июл. 2018 г. в 15:06, Ivan Pilipenko <[email protected] >:
> Good time of the day, > > I have compiled libcurl using the instructions in > winbuild\BUILD.WINDOWS.txt with the following options: > > nmake /f Makefile.vc VC=15 MODE=dll WITH_SSL=dll ENABLE_WINSSL=no > WITH_DEVEL=../deps > > including the openssl files in the deps directory as described. The build > runs fine, except that I can't seem to be able to open a TLS encrypted > connection to my FTP server. The error message is the usual: > > "Peer certificate cannot be authenticated with given CA certificates, > details: SSL certificate problem: unable to get local issuer certificate". > > On linux I was able to fix it by using the --with-ca-bundle option and > pointing it the the correct file. On windows however, there doesn't seem to > be such an option. Using winSSL on windows works, but winSSL requires an > internet connection to get the revocation list. Our product has to be able > to also work on a closed network without internet access, so that's a > no-go. Disabling CLR checking via CURLSSLOPT_NO_REVOKE has also been > declined, unless it's the last resort. > > I have tried putting an exported ca-certificates.crt from our linux test > machine to my working directory on the windows machine, hoping libcurl > would see it, but no dice. > > Where is libcurl with openSSL backend looking for certificates on windows? > AFAIR, CURLOPT_CAINFO can help. Check this thread https://curl.haxx.se/mail/lib-2016-08/0118.html for more info.
------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
