Assigning "sub maintainers" for Windows and cmake!
Hi,

Any takers? I do a lot of stuff in this project. I merge something like 80% of all commits and I (currently) author around 60% of all commits. I do this because I think it's fun and I enjoy doing it. And I feel that I know the technologies involved.

There are however two specific areas that are *definitely* not my areas of expertise and I sense that our project suffers a bit because I don't easily merge patches done within those areas and there's an unclear situation on how to go about and get things done there.

I'm talking about cmake and Windows.

I've tried to urge people to speak up with +1's or -1's on PRs and issues to use as a guide for me to know how to act on them, but I think this approach hasn't worked out very well. Possibly because in several situations I've gotten a bunch of arguments both for and against things and then I don't know what to do and nobody else feels empowered to step up and make an executive decision.

If at all possible, I would like to try to assign two individuals as designated maintainers of code that is cmake specific and Windows specific. Those two persons would be allowed to and have the responsibility to merge code for those areas without my blessing or me even having to look at the patches. (Because my looking at such patches is really not very helpful.)

Requirements for these maintainers would be that they know the area, they're familiar with the curl project and the way we do things and that they have time and energy to devote to this.

If you would consider taking on this task or if you want to nominate someone else for one of these roles, please let me know. It's fine to contact me privately about this if you would rather not take it here at once.
cmake, 9 currently open issues: https://github.com/curl/curl/labels/cmake
Windows, 7 currently open issues: https://github.com/curl/curl/labels/windows

--
 / daniel.haxx.se
---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: Certificates problem
Ah HA! CURLOPT_CAINFO does indeed work with the static library. Thank you! That's real progress (I swear I had tried that before without luck, but I must not have).

However, I still get "Unsupported protocol" if I link with libcurl.lib instead of libcurl_a.lib. Any thoughts on that?

-----Original Message-----
From: "Patrick Schlangen" [patr...@schlangen.me]
Date: 05/21/2018 09:45 AM
To: "libcurl development"
Subject: Re: Certificates problem

Hi,

maybe try CURLOPT_CAINFO instead of CURLOPT_ISSUERCERT?

- Patrick
Re: Certificates problem
No, I'm not sure the CA is used to sign. I tried it as a guess.

Which call is CAFILE used with? I'm not finding it listed in the API.

-----Original Message-----
From: "Waitman Gobble" [gobble...@gmail.com]
Date: 05/21/2018 09:17 AM
To: "libcurl development"
Subject: Re: Certificates problem

On Mon, May 21, 2018 at 9:46 AM, dp wrote:
> I am having trouble getting libcurl to work with a secure website. I am using
> cUrl version 7.59.0, OpenSSL 1.0.2, compiling with Visual Studio 10, and
> running this on XP/SP3. I built both static and DLL libraries, and that
> completed without any errors. I can link either library without warnings or
> errors. The calls to curl_easy_setopt() include:
>
> -- CURLOPT_ISSUERCERT,
> -- CURLOPT_DEBUGFUNCTION,
> -- CURLOPT_VERBOSE, 1L
> -- CURLOPT_URL,"https://api.sunrise-sunset.org/json?lat=37.92=-97.22;
>
> If I build with the static library (libcurl_a.lib), curl_easy_perform()
> returns 60: Peer certificate cannot be authenticated with given CA
> certificates. The verbose output appears to show certificate exchange (I am
> not knowledgeable about CAs), and ends with "SSL certificate problem: unable
> to get local issuer certificate"
>
> With the DLL library (libcurl.lib), curl_easy_perform() returns 1:
> Unsupported protocol. The verbose output says "Protocol https not supported
> or disabled in libcurl"
>
> In both versions, the output from curl.exe -V is:
>
> curl 7.59.0 (i386-pc-win32) libcurl/7.59.0 OpenSSL/1.0.2n WinIDN
> Release-Date: 2018-03-14
> Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s
> rtsp smb smbs smtp smtps telnet tftp
> Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL
> HTTPS-proxy
>
> Did I fail to build the OpenSSL libraries properly, so that certificates are
> being mishandled? Is there another option I need to set before calling
> curl_easy_perform()? Is the difference in responses (libcurl.lib versus
> libcurl_a.lib) expected? I am trying to avoid the workaround that involves
> ignoring verification of certificates.
>
> Thanks.

you are certain that the specified CA cert is used to sign?

does -CAFile report verify OK

# openssl s_client -connect api.sunrise-sunset.org:443
CONNECTED(0003)
depth=0 C = US, ST = New York
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = New York
verify return:1
---
Certificate chain
 0 s:/C=US/ST=New York
   i:/C=US/ST=New York
---
Server certificate
subject=/C=US/ST=New York
issuer=/C=US/ST=New York
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1466 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher: ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: EB5968AF394E3D9179051A514538E00674FF713D0701455D08C343228EF969FB
    Session-ID-ctx:
    Master-Key: B2B2C19994F13342D7E05BCBF2003E976320F47A474883958C2506A2A3C3A1B9AE39F5F5312A78ADFB409AC29820024C
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
Re: Certificates problem
Hi,

maybe try CURLOPT_CAINFO instead of CURLOPT_ISSUERCERT?

- Patrick
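The failure reported in this thread, reproduced offline with the openssl command line (an added example, not part of the original messages): CURLOPT_ISSUERCERT only adds a check on who issued the peer certificate, while the trust anchors used for verification come from the bundle named by CURLOPT_CAINFO. The CA, the server certificate and all file names are constructed for this demo, and issuer_matches is a name-only approximation of the issuer check.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA and server certificate generated locally.
# All file names and subject names below are made up for this example.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

make_chain() {
    # Private CA: the trust anchor a client has to be told about.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.pem" 2>/dev/null
    # Server key and signing request, then a certificate issued by that CA.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example" \
        -keyout "$demo_dir/srv.key" -out "$demo_dir/srv.csr" 2>/dev/null
    openssl x509 -req -in "$demo_dir/srv.csr" -days 2 \
        -CA "$demo_dir/ca.pem" -CAkey "$demo_dir/ca.key" -CAcreateserial \
        -out "$demo_dir/srv.pem" 2>/dev/null
}

issuer_matches() {
    # Name-only stand-in for the extra check CURLOPT_ISSUERCERT performs:
    # is the certificate's issuer the subject of the given CA certificate?
    issuer=$(openssl x509 -noout -issuer -in "$1")
    subject=$(openssl x509 -noout -subject -in "$2")
    [ "${issuer#*=}" = "${subject#*=}" ] && echo yes || echo no
}

verify_result() {
    # $1 = certificate to check, $2 = optional CA bundle, the file that
    # CURLOPT_CAINFO (or curl --cacert) would point at.
    if [ -n "${2:-}" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>&1) || true
    else
        out=$(openssl verify "$1" 2>&1) || true
    fi
    case $out in
        *"unable to get local issuer certificate"*)
            echo "unable to get local issuer certificate" ;;
        *": OK"*) echo "OK" ;;
        *) echo "other: $out" ;;
    esac
}

make_chain
echo "issuer matches CA:      $(issuer_matches "$demo_dir/srv.pem" "$demo_dir/ca.pem")"
echo "verify, no CA bundle:   $(verify_result "$demo_dir/srv.pem")"
echo "verify, with CA bundle: $(verify_result "$demo_dir/srv.pem" "$demo_dir/ca.pem")"
```

The issuer name matches in both runs; only the run that is given the CA bundle verifies, which is the difference between the two options discussed above.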
Re: Old Curl Project
On Mon, 21 May 2018, Don Landsom wrote:

> All seems OK, successfully built everything and SMTP showed up as a protocol,
> the VB app was able to connect to a mail server, but Curl doesn't seem to be
> using SSL so the login request was rejected.

It doesn't use SSL unless you tell it to. For SMTP that's typically done with CURLOPT_USE_SSL (for "STARTTLS" style TLS), or in the more unusual case using an SMTPS:// URL (if you want TLS already in the connection handshake).

> I certainly don't know what I'm doing here, is SSL even what's needed for
> SMTP to work over a secure connection?

Yes. Without SSL (TLS really), SMTP is totally insecure.

--
 / daniel.haxx.se
Re: Certificates problem
On Mon, May 21, 2018 at 9:46 AM, dp wrote:
> I am having trouble getting libcurl to work with a secure website. I am using
> cUrl version 7.59.0, OpenSSL 1.0.2, compiling with Visual Studio 10, and
> running this on XP/SP3. I built both static and DLL libraries, and that
> completed without any errors. I can link either library without warnings or
> errors. The calls to curl_easy_setopt() include:
>
> -- CURLOPT_ISSUERCERT,
> -- CURLOPT_DEBUGFUNCTION,
> -- CURLOPT_VERBOSE, 1L
> -- CURLOPT_URL,"https://api.sunrise-sunset.org/json?lat=37.92=-97.22;
>
> If I build with the static library (libcurl_a.lib), curl_easy_perform()
> returns 60: Peer certificate cannot be authenticated with given CA
> certificates. The verbose output appears to show certificate exchange (I am
> not knowledgeable about CAs), and ends with "SSL certificate problem: unable
> to get local issuer certificate"
>
> With the DLL library (libcurl.lib), curl_easy_perform() returns 1:
> Unsupported protocol. The verbose output says "Protocol https not supported
> or disabled in libcurl"
>
> In both versions, the output from curl.exe -V is:
>
> curl 7.59.0 (i386-pc-win32) libcurl/7.59.0 OpenSSL/1.0.2n WinIDN
> Release-Date: 2018-03-14
> Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s
> rtsp smb smbs smtp smtps telnet tftp
> Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL
> HTTPS-proxy
>
> Did I fail to build the OpenSSL libraries properly, so that certificates are
> being mishandled? Is there another option I need to set before calling
> curl_easy_perform()? Is the difference in responses (libcurl.lib versus
> libcurl_a.lib) expected? I am trying to avoid the workaround that involves
> ignoring verification of certificates.
>
> Thanks.

you are certain that the specified CA cert is used to sign?

does -CAFile report verify OK

# openssl s_client -connect api.sunrise-sunset.org:443
CONNECTED(0003)
depth=0 C = US, ST = New York
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = New York
verify return:1
---
Certificate chain
 0 s:/C=US/ST=New York
   i:/C=US/ST=New York
---
Server certificate
subject=/C=US/ST=New York
issuer=/C=US/ST=New York
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1466 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher: ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: EB5968AF394E3D9179051A514538E00674FF713D0701455D08C343228EF969FB
    Session-ID-ctx:
    Master-Key: B2B2C19994F13342D7E05BCBF2003E976320F47A474883958C2506A2A3C3A1B9AE39F5F5312A78ADFB409AC29820024C
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
Re: Old Curl Project
Dang - celebrated too soon.

All seems OK, successfully built everything and SMTP showed up as a protocol, the VB app was able to connect to a mail server, but Curl doesn't seem to be using SSL so the login request was rejected.

Openssl compiled without errors and all of the provided test code passed. And if Curl is linked without ssleay, a bunch of unresolved externals show up, so I'm pretty sure the SSL code / calls are in there being referenced.

Besides getting all of the parts built and linked, are there switches / options that are needed to enable the use of SSL? I certainly don't know what I'm doing here, is SSL even what's needed for SMTP to work over a secure connection?

Thanks.

----- Original Message -----
From: "Don Landsom"
To: "libcurl development"
Sent: Monday, May 21, 2018 3:56 AM
Subject: Re: Old Curl Project

Daniel - thanks for the info, especially about CURL_STATICLIB. It's been like 2 steps forward and 3 steps back, but I've got things built. The VB app is able to make calls through vblibcurl to libcurl. Checking the Curl version / protocol info, SMTP is displayed which was what we were shooting for.

One last hurdle, we will be adding our custom mail support code and see if everything works.

Thanks to everyone for all of the help.

----- Original Message -----
From: "Daniel Stenberg"
To: "libcurl development"
Sent: Saturday, May 19, 2018 5:36 AM
Subject: Re: Old Curl Project

On Sat, 19 May 2018, Don Landsom wrote:

> Depending on which version of Curl being used, either the Curl 'easy'
> functions come up as unresolved externals, or VB throws an error. For Curl
> builds, are there options available to exclude / include the easy functions
> in the dll?

They're always there in the DLL - and all the documented symbols are present whatever build options or combos you use, exactly for the purpose of not causing link problems. At least they should be.

If you want to link with a static lib, you need CURL_STATICLIB defined when you build your application.

--
 / daniel.haxx.se
Certificates problem
I am having trouble getting libcurl to work with a secure website. I am using cUrl version 7.59.0, OpenSSL 1.0.2, compiling with Visual Studio 10, and running this on XP/SP3. I built both static and DLL libraries, and that completed without any errors. I can link either library without warnings or errors. The calls to curl_easy_setopt() include:

-- CURLOPT_ISSUERCERT,
-- CURLOPT_DEBUGFUNCTION,
-- CURLOPT_VERBOSE, 1L
-- CURLOPT_URL,"https://api.sunrise-sunset.org/json?lat=37.92=-97.22;

If I build with the static library (libcurl_a.lib), curl_easy_perform() returns 60: Peer certificate cannot be authenticated with given CA certificates. The verbose output appears to show certificate exchange (I am not knowledgeable about CAs), and ends with "SSL certificate problem: unable to get local issuer certificate"

With the DLL library (libcurl.lib), curl_easy_perform() returns 1: Unsupported protocol. The verbose output says "Protocol https not supported or disabled in libcurl"

In both versions, the output from curl.exe -V is:

curl 7.59.0 (i386-pc-win32) libcurl/7.59.0 OpenSSL/1.0.2n WinIDN
Release-Date: 2018-03-14
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL HTTPS-proxy

Did I fail to build the OpenSSL libraries properly, so that certificates are being mishandled? Is there another option I need to set before calling curl_easy_perform()? Is the difference in responses (libcurl.lib versus libcurl_a.lib) expected? I am trying to avoid the workaround that involves ignoring verification of certificates.

Thanks.
Re: Old Curl Project
Daniel - thanks for the info, especially about CURL_STATICLIB. It's been like 2 steps forward and 3 steps back, but I've got things built. The VB app is able to make calls through vblibcurl to libcurl. Checking the Curl version / protocol info, SMTP is displayed which was what we were shooting for.

One last hurdle, we will be adding our custom mail support code and see if everything works.

Thanks to everyone for all of the help.

----- Original Message -----
From: "Daniel Stenberg"
To: "libcurl development"
Sent: Saturday, May 19, 2018 5:36 AM
Subject: Re: Old Curl Project

On Sat, 19 May 2018, Don Landsom wrote:

> Depending on which version of Curl being used, either the Curl 'easy'
> functions come up as unresolved externals, or VB throws an error. For Curl
> builds, are there options available to exclude / include the easy functions
> in the dll?

They're always there in the DLL - and all the documented symbols are present whatever build options or combos you use, exactly for the purpose of not causing link problems. At least they should be.

If you want to link with a static lib, you need CURL_STATICLIB defined when you build your application.

--
 / daniel.haxx.se