> From: Ray Satiro > Do you have a way to reproduce the missing certs when there is an > expired certificate error? I'm not sure I'd consider it a bug since > certificate information is not guaranteed if the handshake fails, but > I'd still like to know why it works for me and not for you. > > I'm attaching an expired CA certificate expirted_geotrust_ca.crt that I > used to connect to https://download.cyanogenmod.org which caused the > transfer to fail due to "SSL certificate OpenSSL verify result: > certificate has expired". For me it is working to show the certs when > the transfer fails due to expired certificates. > > ? curl_easy_setopt(curl, CURLOPT_CAINFO, "expirted_geotrust_ca.crt");
It turned out to be my fault, of course. With the Debian package (8.14.1), it’s “SSL certificate problem: certificate has expired” and no certs. Building 8.17.0 myself, it blossoms out to “SSL certificate OpenSSL verify result: certificate has expired (10)” and gives a chain of certificates. I’m sorry for thinking that building my own seemed like overkill for something that has just been a modest wish for a few years now. It is always rule number one to have the latest if at all possible. > URL: > <https://lists.haxx.se/pipermail/curl-library/attachments/20251224/5a339fb3/attachment-0001.crt> BTW, this redirects me to https://curl.se/mail/list.cgi?list=curl-library/attachments/20251224/5a339fb3/attachment-0001.crt and gives a page that says “curl-libraryattachmentsafbattachment-crt? Are you playing with me? There is no such list!”. I was able to get the attachment by going to the mailing list archive. -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
