> > That's odd, because I did not specify anything on iOS (in code or when > > building libcurl); I do on Android, but I have no idea where the system > > certificates are located on iOS. Do I disable that by explicitly setting > > CURLOPT_CAINFO to the empty string? > > Yes, try setting it to NULL.
So I tried this like so: curl_easy_setopt(curl_handle, CURLOPT_CAPATH, nullptr); curl_easy_setopt(curl_handle, CURLOPT_CAINFO, nullptr); but I still get this: Trying [redacted]:443... Connected to [redacted] ([redacted]) port 443 (#0) ALPN, offering http/1.1 TLSv1.2 (OUT), TLS handshake, Client hello (1): TLSv1.2 (IN), TLS handshake, Server hello (2): TLSv1.2 (IN), TLS handshake, Certificate (11): TLSv1.2 (OUT), TLS alert, unknown CA (560): SSL certificate problem: self signed certificate in certificate chain Closing connection 0 I tried setting it to the empty string in case that was what you meant: curl_easy_setopt(curl_handle, CURLOPT_CAPATH, ""); curl_easy_setopt(curl_handle, CURLOPT_CAINFO, ""); But that results in this: Debug: Trying [redacted]:443... Debug: Connected to [redacted] ([redacted]) port 443 (#0) Debug: ALPN, offering http/1.1 Debug: error setting certificate verify locations: CAfile: CApath: Debug: Closing connection 0 So I assume you really meant NULL! Unfortunately, setting them both to NULL doesn't work, though at least it looks more like it's trying. The error I get in that case -- "self signed certificate in certificate chain" is the same error I was getting on Android before I was able to point it at the right location so I assume that means libcurl isn't finding the iOS certificates? Maybe it's falling back on build defaults (e.g. /etc/ssl/)? I appreciate the help so far, I'm willing to try any further suggestions! Sincerely, Andrew Patterson
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
