Thread: [axtls-general] CA cert problems
Brought to you by:
cameronrich
From: Daniel S. <da...@ha...> - 2011-01-12 22:06:21
|
Hi friends, We recently got libcurl (http://curl.haxx.se/libcurl/) the ability to build and run with axTLS doing the TLS layer and we've really enjoyed the recent improvements done to axTLS. Very good work! There are still a few problems and after discussions on the libcurl mailing list I'd like to highlight the biggest problem I have right now (using the SVN revision 193 which is the latest right now): I still can't connect to public sites using my Debian Linux default ca cert bundle (/etc/ssl/certs/). I have changed CONFIG_X509_MAX_CA_CERTS to 200. I tried HTTPS with these sites: sourceforge.net paypal.com www.skandiabanken.se www.google.com sites.google.com www.target.com www.hotmail.com www.yahoo.com. They all work fine if I just disable certificate verification. My test script: #!/bin/sh for i in sourceforge.net paypal.com www.skandiabanken.se www.google.com \ sites.google.com www.target.com www.hotmail.com www.yahoo.com ; do cmd="./src/curl https://$i -k -s -o /dev/null" echo $cmd eval $cmd echo $? done ... it's easy to change to use the system curl or to not use -k etc. -- / daniel.haxx.se |