date:20180521

Assigning "sub maintainers" for Windows and cmake!

2018-05-21 Thread Daniel Stenberg


Hi,

Any takers?

I do a lot of stuff in this project. I merge something like 80% of all commits 
and I (currently) author around 60% of all commits. I do this because I think 
it's fun and I enjoy doing it. And I feel that know the technologies involved.


There are however two specific areas that are *definately* not my areas of 
expertise and I sense that our project suffers a bit because I don't easily 
merge patches done within those areas and there's an unclear situation on how 
to go about and get things done there.


I'm talking about cmake and Windows.

I've tried to urge people to speak up with +1's or -1's on PRs and issues to 
use as a guide for me to know how to act on them, but I think this approach 
hasn't worked out very good. Possibly because in several situations I've 
gotten a bunch of arguments both for and against things and then I don't know 
what to do and nobody else feels empowered to step up and make an executive 
decision.


If at all possible, I would like to try to assign two individuals as 
designated maintainers of code that is cmake specific and Windows specific. 
Those two persons would be allowed to and have the responsibility to merge 
code for those areas without my blessing or me even having to look at the 
patches. (Because my looking at such patches are really not very helpful.)


Requirements for these maintainers would be that they know the area, they're 
familar with the curl project and the way we do things and that they have time 
and energy to devote to this.


If you would consider taking on this task or if you want to nominate someone 
else for one of these roles, please let me know. It's fine to contact me 
privately about this if you rather not want to take it here at once.


cmake, 9 currently open issues:

  https://github.com/curl/curl/labels/cmake

Windows, 7 currently open issues:

  https://github.com/curl/curl/labels/windows

--

 / daniel.haxx.se
---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Re: Certificates problem

2018-05-21 Thread dp

Ah HA! CURLOPT_CAINFO does indeed work with the static library. Thank you! 
That's real progress (I swear I had tried that before without luck, but I must 
not have).

However, I still get "Unsupported protocol" if I link with libcurl.lib instead 
of libcurl_a.lib. Any thoughts on that?


-Original Message-
From: "Patrick Schlangen" [patr...@schlangen.me]
Date: 05/21/2018 09:45 AM
To: "libcurl development" 
Subject: Re: Certificates problem

Hi,

maybe try CURLOPT_CAINFO instead of CURLOPT_ISSUERCERT?

- Patrick


---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.htm


---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Re: Certificates problem

2018-05-21 Thread dp

No, I'm not sure the CA is used to sign. I tried it as a guess.

Which call is CAFILE use with? I'm not finding it listed in the API.



-Original Message-
From: "Waitman Gobble" [gobble...@gmail.com]
Date: 05/21/2018 09:17 AM
To: "libcurl development" 
Subject: Re: Certificates problem

On Mon, May 21, 2018 at 9:46 AM, dp  wrote:
> I am having trouble getting libcurl to work with a secure website. I am using 
> cUrl version 7.59.0, OpenSSL 1.0.2, compiling with Visual Studio 10, and 
> running this on XP/SP3. I built both static and DLL libraries, and that 
> completed without any errors. I can link either library without warnings or 
> errors. The calls to curl_easy_setopt()  include:
>
> -- CURLOPT_ISSUERCERT, 
> -- CURLOPT_DEBUGFUNCTION,
> -- CURLOPT_VERBOSE, 1L
> -- CURLOPT_URL,"https://api.sunrise-sunset.org/json?lat=37.92=-97.22;
>
> If I build with the static library (libcurl_a.lib), curl_easy_perform() 
> returns 60: Peer certificate cannot be authenticated with given CA 
> certificates. The verbose output appears to show certificate exchange (I am 
> not knowledgeable about CAs), and ends with "SSL certificate problem: unable 
> to get local issuer certificate"
>
> With the DLL library (libcurl.lib), curl_easy_perform() returns 1: 
> Unsupported protocol. The verbose output says "Protocol https not supported 
> or disabled in libcurl"
>
> In both versions, the output from curl.exe -V is:
>
> curl 7.59.0 (i386-pc-win32) libcurl/7.59.0 OpenSSL/1.0.2n WinIDN
> Release-Date: 2018-03-14
> Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s 
> rtsp smb smbs smtp smtps telnet tftp
> Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL 
> HTTPS-proxy
>
> Did I fail to build the OpenSSL libraries properly, so that certificates are 
> being mishandled? Is there another option I need to set before calling 
> curl_easy_perform()? Is the difference in responses (libcurl.lib versus 
> libcurl_a.lib) expected? I am trying to avoid the workaround that involves 
> ignoring verification of certificates.
>
> Thanks.
>
>
>
>
>
> ---
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
> Etiquette:   https://curl.haxx.se/mail/etiquette.html


you are certain that the specified CA cert is used to sign?

does -CAFile report verify OK


# openssl s_client -connect api.sunrise-sunset.org:443

CONNECTED(0003)
depth=0 C = US, ST = New York
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = New York
verify return:1
---
Certificate chain
 0 s:/C=US/ST=New York
   i:/C=US/ST=New York
---
Server certificate
-BEGIN CERTIFICATE-
MIIDEzCCAfugAwIBAgIJALD4Y/3QNFzFMA0GCSqGSIb3DQEBCwUAMCAxCzAJBgNV
BAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazAeFw0xNDA5MDYxNTMzNTRaFw0yNDA2
MDUxNTMzNTRaMCAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3ee7Yhr8scBW7Lw2ZdBc61EexY
8DljaI+g/S127QrcjCvRkpmWYmdOX+cdPmGdPbIuWAiLNWHyx6PP22fuJ5N84e8O
XfmxlmNaQpmiLiSNkOPdqvuG4V2ZOfEJykCYLHoPNfrT9Xlo89qJ2syjNT263+0K
gF734TRsbpjaI1dL7OKTi2SGNcBvIWzf4Pi/uHqD/mOXZ9/BbbnzisZTQ2Hu2Dg9
SvmFc4u1KXctIB0SQKwNwL+yZ7sMWJSLY/EP0S09T+HUuyJGTp2r+uiGJYzWoha3
wECVNg79XLCcgYMhQ4nrjYyXa4XTcOT6fmSO6W9g97sfAzTXObuJBo4J3vsCAwEA
AaNQME4wHQYDVR0OBBYEFByT8USXKoZOGAa3ayXQLYqKRMV+MB8GA1UdIwQYMBaA
FByT8USXKoZOGAa3ayXQLYqKRMV+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
BQADggEBAH0OVpa2xsX5fLsTkY7yHjbiVSV3s6CHVqZO+Evwbn1/zjPSk7dIoBn6
5rs7SHAIAH+BdWa6K0M0KqlO7YKPI4pTeZIIafg4bDwwgaORO1LetMsIXtzO6J3W
dCV9PGRwp8S01R1rK2HLQsbS3pfxP1j0zRDeoAyH6Nq9qYuj1XxmJdrH9zwMH+8y
xsn3s06qw4WnUFXTFCYpZegbltEN0ngtNlviTAEewgGoz4I6xUr31Te1AvWT8CrO
S6w9Yh1jgaDsuBpFrzqR2KHyNpYlZ8VNDnkt8Wn6i7BIPkSbbsUFdKYWNl3VfKZE
riqeyAbdrkJW72TC7cQgmRASRlsDCJ0=
-END CERTIFICATE-
subject=/C=US/ST=New York
issuer=/C=US/ST=New York
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1466 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol  : TLSv1.2
Cipher: ECDHE-RSA-AES128-GCM-SHA256
Session-ID: EB5968AF394E3D9179051A514538E00674FF713D0701455D08C343228EF969FB
Session-ID-ctx:
Master-Key:
B2B2C19994F13342D7E05BCBF2003E976320F47A474883958C2506A2A3C3A1B9AE39F5F5312A78ADFB409AC29820024C
Key-Arg   : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
 - ec 96 14 18 dd ca 70 04-4c 14 8a c1 47 46 0f 59   ..p.L...GF.Y
0010 - dd 9c 57 04 cd 43 30 1c-58 6d 7f dc 6b 12 92 58   ..W..C0.Xm..k..X
0020 - dd 40 8c fc 63 d7 c3 e6-4b bc 11 bc 3d f2 58 c5   .@..c...K...=.X.
0030 - b4 12 a7 73 7d 5e b1 aa-9b 24

Re: Certificates problem

2018-05-21 Thread Patrick Schlangen

Hi,

maybe try CURLOPT_CAINFO instead of CURLOPT_ISSUERCERT?

- Patrick


---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Re: Old Curl Project

2018-05-21 Thread Daniel Stenberg


On Mon, 21 May 2018, Don Landsom wrote:

All seems OK, successfully built everything and SMTP showed up as a 
protocol, the VB app was able to connect to a mail server, but Curl doesn't 
seem to be using SSL so the login request was rejected.


It doesn't use SSL unless you tell it to. For SMTP that's typically be done 
with CURLOPT_USE_SSL (for "STARTTLS" style TLS), or in the more unusual case 
using an SMTPS:// URL (if you want TLS already in the connection handshake).


I certainly don't know what I'm doing here, is SSL even what's needed for 
SMTP to work over a secure connection?


Yes. Without SSL (TLS really), SMTP is totally insecure.

--

 / daniel.haxx.se
---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Re: Certificates problem

2018-05-21 Thread Waitman Gobble

On Mon, May 21, 2018 at 9:46 AM, dp  wrote:
> I am having trouble getting libcurl to work with a secure website. I am using 
> cUrl version 7.59.0, OpenSSL 1.0.2, compiling with Visual Studio 10, and 
> running this on XP/SP3. I built both static and DLL libraries, and that 
> completed without any errors. I can link either library without warnings or 
> errors. The calls to curl_easy_setopt()  include:
>
> -- CURLOPT_ISSUERCERT, 
> -- CURLOPT_DEBUGFUNCTION,
> -- CURLOPT_VERBOSE, 1L
> -- CURLOPT_URL,"https://api.sunrise-sunset.org/json?lat=37.92=-97.22;
>
> If I build with the static library (libcurl_a.lib), curl_easy_perform() 
> returns 60: Peer certificate cannot be authenticated with given CA 
> certificates. The verbose output appears to show certificate exchange (I am 
> not knowledgeable about CAs), and ends with "SSL certificate problem: unable 
> to get local issuer certificate"
>
> With the DLL library (libcurl.lib), curl_easy_perform() returns 1: 
> Unsupported protocol. The verbose output says "Protocol https not supported 
> or disabled in libcurl"
>
> In both versions, the output from curl.exe -V is:
>
> curl 7.59.0 (i386-pc-win32) libcurl/7.59.0 OpenSSL/1.0.2n WinIDN
> Release-Date: 2018-03-14
> Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s 
> rtsp smb smbs smtp smtps telnet tftp
> Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL 
> HTTPS-proxy
>
> Did I fail to build the OpenSSL libraries properly, so that certificates are 
> being mishandled? Is there another option I need to set before calling 
> curl_easy_perform()? Is the difference in responses (libcurl.lib versus 
> libcurl_a.lib) expected? I am trying to avoid the workaround that involves 
> ignoring verification of certificates.
>
> Thanks.
>
>
>
>
>
> ---
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
> Etiquette:   https://curl.haxx.se/mail/etiquette.html


you are certain that the specified CA cert is used to sign?

does -CAFile report verify OK


# openssl s_client -connect api.sunrise-sunset.org:443

CONNECTED(0003)
depth=0 C = US, ST = New York
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = New York
verify return:1
---
Certificate chain
 0 s:/C=US/ST=New York
   i:/C=US/ST=New York
---
Server certificate
-BEGIN CERTIFICATE-
MIIDEzCCAfugAwIBAgIJALD4Y/3QNFzFMA0GCSqGSIb3DQEBCwUAMCAxCzAJBgNV
BAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazAeFw0xNDA5MDYxNTMzNTRaFw0yNDA2
MDUxNTMzNTRaMCAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3ee7Yhr8scBW7Lw2ZdBc61EexY
8DljaI+g/S127QrcjCvRkpmWYmdOX+cdPmGdPbIuWAiLNWHyx6PP22fuJ5N84e8O
XfmxlmNaQpmiLiSNkOPdqvuG4V2ZOfEJykCYLHoPNfrT9Xlo89qJ2syjNT263+0K
gF734TRsbpjaI1dL7OKTi2SGNcBvIWzf4Pi/uHqD/mOXZ9/BbbnzisZTQ2Hu2Dg9
SvmFc4u1KXctIB0SQKwNwL+yZ7sMWJSLY/EP0S09T+HUuyJGTp2r+uiGJYzWoha3
wECVNg79XLCcgYMhQ4nrjYyXa4XTcOT6fmSO6W9g97sfAzTXObuJBo4J3vsCAwEA
AaNQME4wHQYDVR0OBBYEFByT8USXKoZOGAa3ayXQLYqKRMV+MB8GA1UdIwQYMBaA
FByT8USXKoZOGAa3ayXQLYqKRMV+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
BQADggEBAH0OVpa2xsX5fLsTkY7yHjbiVSV3s6CHVqZO+Evwbn1/zjPSk7dIoBn6
5rs7SHAIAH+BdWa6K0M0KqlO7YKPI4pTeZIIafg4bDwwgaORO1LetMsIXtzO6J3W
dCV9PGRwp8S01R1rK2HLQsbS3pfxP1j0zRDeoAyH6Nq9qYuj1XxmJdrH9zwMH+8y
xsn3s06qw4WnUFXTFCYpZegbltEN0ngtNlviTAEewgGoz4I6xUr31Te1AvWT8CrO
S6w9Yh1jgaDsuBpFrzqR2KHyNpYlZ8VNDnkt8Wn6i7BIPkSbbsUFdKYWNl3VfKZE
riqeyAbdrkJW72TC7cQgmRASRlsDCJ0=
-END CERTIFICATE-
subject=/C=US/ST=New York
issuer=/C=US/ST=New York
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1466 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol  : TLSv1.2
Cipher: ECDHE-RSA-AES128-GCM-SHA256
Session-ID: EB5968AF394E3D9179051A514538E00674FF713D0701455D08C343228EF969FB
Session-ID-ctx:
Master-Key:
B2B2C19994F13342D7E05BCBF2003E976320F47A474883958C2506A2A3C3A1B9AE39F5F5312A78ADFB409AC29820024C
Key-Arg   : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
 - ec 96 14 18 dd ca 70 04-4c 14 8a c1 47 46 0f 59   ..p.L...GF.Y
0010 - dd 9c 57 04 cd 43 30 1c-58 6d 7f dc 6b 12 92 58   ..W..C0.Xm..k..X
0020 - dd 40 8c fc 63 d7 c3 e6-4b bc 11 bc 3d f2 58 c5   .@..c...K...=.X.
0030 - b4 12 a7 73 7d 5e b1 aa-9b 24 7f 26 43 05 87 fd   ...s}^...$.
0040 - 33 dd 49 ad 6a 99 5a 17-e7 79 20 5f ac 44 8b b4   3.I.j.Z..y _.D..
0050 - ec d6 92 77 4e c9 77 80-b2 48 87 5e 41 7b d7 e7   ...wN.w..H.^A{..
0060 - 22 58 f2 bd 2e a8 d4 68-01 e5 a1 d5 8b 11 e7 e1   "X.h
0070 - cb 2c 89 bf 28 ba e0 12-26 e6 40 fa a8 43 85

Re: Old Curl Project

2018-05-21 Thread Don Landsom


Dang - celebrated too soon.

All seems OK, successfully built everything and SMTP showed up as a 
protocol, the VB app was able to connect to a mail server, but Curl doesn't 
seem to be using SSL so the login request was rejected.


Openssl compiled without errors and all of the provided test code passed. 
And if Curl is linked without ssleay, a bunch of unresolved externals show 
up, so I'm pretty sure the SSL code / calls are in there being referenced.


Besides getting all of the parts built and linked, are there switches / 
options that are needed to enable the use of SSL?


I certainly don't know what I'm doing here, is SSL even what's needed for 
SMTP to work over a secure connection?


Thanks.

- Original Message - 
From: "Don Landsom" 

To: "libcurl development" 
Sent: Monday, May 21, 2018 3:56 AM
Subject: Re: Old Curl Project



Daniel - thanks for the info, especially about CURL_STATICLIB.

Its been like 2 steps forward and 3 steps back, but I've got things built. 
The VB app is able to make calls through vblibcurl to libcurl. Checking 
the Curl version / protocol info, SMTP is displayed which was what we were 
shooting for.


One last hurdle, we will be adding our custom mail support code and see if 
everything works.


Thanks to everyone for all of the help.

- Original Message - 
From: "Daniel Stenberg" 

To: "libcurl development" 
Sent: Saturday, May 19, 2018 5:36 AM
Subject: Re: Old Curl Project



On Sat, 19 May 2018, Don Landsom wrote:


Depending on which version of Curl being used, either the Curl ‘easy’
functions comes up as unresolved externals, or VB throws and error.

For Curl builds, are their options available to exclude / include the 
easy

functions in the dll?


They're always there in the DLL - and all the documented symbols are 
present

whatever build options or combos you use, exactly for the purpose of not
causing link problems. At least they should be.

If you want to link with a static lib, you need CURL_STATICLIB defined 
when

you build your application.

--

 / daniel.haxx.se







---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html


---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html 


---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Certificates problem

2018-05-21 Thread dp

I am having trouble getting libcurl to work with a secure website. I am using 
cUrl version 7.59.0, OpenSSL 1.0.2, compiling with Visual Studio 10, and 
running this on XP/SP3. I built both static and DLL libraries, and that 
completed without any errors. I can link either library without warnings or 
errors. The calls to curl_easy_setopt()  include:

-- CURLOPT_ISSUERCERT, 
-- CURLOPT_DEBUGFUNCTION,
-- CURLOPT_VERBOSE, 1L
-- CURLOPT_URL,"https://api.sunrise-sunset.org/json?lat=37.92=-97.22;

If I build with the static library (libcurl_a.lib), curl_easy_perform() returns 
60: Peer certificate cannot be authenticated with given CA certificates. The 
verbose output appears to show certificate exchange (I am not knowledgeable 
about CAs), and ends with "SSL certificate problem: unable to get local issuer 
certificate"

With the DLL library (libcurl.lib), curl_easy_perform() returns 1: Unsupported 
protocol. The verbose output says "Protocol https not supported or disabled in 
libcurl"

In both versions, the output from curl.exe -V is:

curl 7.59.0 (i386-pc-win32) libcurl/7.59.0 OpenSSL/1.0.2n WinIDN
Release-Date: 2018-03-14
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp 
smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL 
HTTPS-proxy 

Did I fail to build the OpenSSL libraries properly, so that certificates are 
being mishandled? Is there another option I need to set before calling 
curl_easy_perform()? Is the difference in responses (libcurl.lib versus 
libcurl_a.lib) expected? I am trying to avoid the workaround that involves 
ignoring verification of certificates.

Thanks.





---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Re: Old Curl Project

2018-05-21 Thread Don Landsom


Daniel - thanks for the info, especially about CURL_STATICLIB.

Its been like 2 steps forward and 3 steps back, but I've got things built. 
The VB app is able to make calls through vblibcurl to libcurl. Checking the 
Curl version / protocol info, SMTP is displayed which was what we were 
shooting for.


One last hurdle, we will be adding our custom mail support code and see if 
everything works.


Thanks to everyone for all of the help.

- Original Message - 
From: "Daniel Stenberg" 

To: "libcurl development" 
Sent: Saturday, May 19, 2018 5:36 AM
Subject: Re: Old Curl Project



On Sat, 19 May 2018, Don Landsom wrote:


Depending on which version of Curl being used, either the Curl ‘easy’
functions comes up as unresolved externals, or VB throws and error.

For Curl builds, are their options available to exclude / include the 
easy

functions in the dll?


They're always there in the DLL - and all the documented symbols are 
present

whatever build options or combos you use, exactly for the purpose of not
causing link problems. At least they should be.

If you want to link with a static lib, you need CURL_STATICLIB defined 
when

you build your application.

--

 / daniel.haxx.se







---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html 


---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Assigning "sub maintainers" for Windows and cmake!

Re: Certificates problem

Re: Certificates problem

Re: Certificates problem

Re: Old Curl Project

Re: Certificates problem

Re: Old Curl Project

Certificates problem

Re: Old Curl Project

9 matches

Site Navigation

Mail list logo

Footer information