Hello! We've been using libcurl for years but for a long time we were running with peer validation disabled. I know that's terrible, and it wasn't my decision, but I'm attempting to remedy it now.

It took a couple of hours, but I figured out how to get SSL working correctly with libcurl on Android, but I've been stymied on iOS. We were linking it with OpenSSL (like on Android) but I couldn't figure out where to find the certificates on iOS. I know I could upload the cacert.pem from the libcurl website, but I'd like to get this working in a way that doesn't require us to keep updating the certificates if I could.

To that end, one of my colleagues wondered why we weren't just using the Secure Transport option -- and that seemed like a good question. I had no problem building it (we use CMake, so I added -DCMAKE_USE_SECTRANSP=ON) but I still can't connect when attempting a network connection with peer verification enabled. I'm very confident that the secure transport code is being utilized, because the error message (see below) comes from lib/vtls/sectransp.c.

I hooked up the debug callback and got this (text only):

    Trying [REDACTED]:443...
    Debug: Connected to [REDACTED] ([REDACTED]) port 443 (#0)
    Debug: ALPN, offering http/1.1
    Debug: SSL: can't load CA certificate file /etc/ssl/cert.pem
    Debug: Closing connection 0

Additional information: curlResult was 77.

Any idea what I'm doing wrong? I really thought switching to Secure Transport would be the silver bullet so I'd appreciate any suggestions, regardless of whether they're build step or code related!

Thanks!

Sincerely,
Andrew Patterson