In Yosemite beta 6, an error occurs when trying to do certificate authentication. The certificates are valid. When not using curl, the communication works as expected and does not error.
431 ERROR (58, 'SSL: Can't load the certificate "/path/to/client.pem" and its private key: OSStatus -25299')
curl info:
curl 7.37.1 (x86_64-apple-darwin14.0) libcurl/7.37.1 SecureTransport zlib/1.2.5
code base:
python - pycurl
-----Code Sample-----
curl.setopt(pycurl.SSLVERSION, pycurl.SSLVERSION_SSLv3)
curl.setopt(pycurl.SSLKEY, certs.private_key)
curl.setopt(pycurl.SSLCERT, certs.client_pem)
curl.setopt(pycurl.NOPROGRESS, 0)
curl.setopt(pycurl.PROGRESSFUNCTION, progress.callback)
curl.setopt(pycurl.CONNECTTIMEOUT, 60)
curl.setopt(pycurl.URL, url)
curl.setopt(pycurl.WRITEDATA, fp)
curl.setopt(pycurl.HTTPHEADER, ['Server-UUID: {0}'.format(uuid), 'Auth-Token: {0}:{1}'.format(file.checksum, base64.b64encode(signature))])
This feature is still not working in Yosemite beta 7.
I also get the same error in the terminal:
sudo curl -k -E /Path/to/certs/client.pem --key /Path/to/certs/private.key https://someUrl:port
Yosemite beta 7 sounds like an Apple product. I suggest you file bugs in their product to them. We in the curl project have nothing to do with Yosemite beta 7 or in fact any other Apple product.
Hi Daniel,
The issue seems to be curl-related; I rewrote the section of the code to use a Python module that doesn't use curl (requests.py), and the SSL communication works as expected.
Can you prove it is not an issue with curl and provide me with some details? I will gladly file a radar with Apple with some proof from you, so I can back up my issue with some facts from you; that would be awesome.
Let me know.
Thanks,
Of course I cannot prove it isn't an issue with curl. curl has lots of issues. But you need to stop talking about Apple products and start talking about curl for us to understand.
Which curl version is it? And I assume this version is built with darwinssl as a TLS backend? (I assume it is, if the version info remains the same as in your original post here.)
Can you try the current git version and see if it works differently? Is it only client certificates you have problems with? You say Python works, but that's not using darwinssl, is it?
Last edit: Daniel Stenberg 2014-09-03
As pointed out by Vilmos Nebehaj (http://curl.haxx.se/mail/lib-2014-09/0038.html), it is noted on this page, http://curl.haxx.se/libcurl/c/CURLOPT_SSLCERT.html:
"The certificate must be in PKCS#12 format if using Secure Transport"
Thank you for the help! I will look into that.
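Added example (not part of the original thread and not curl project code): a pre-flight check for the mismatch identified above, which reads the TLS backend from the libcurl version banner and sniffs whether the client certificate file is PEM or PKCS#12 before it is passed as SSLCERT. The function names, the sample byte strings and the output file name client.p12 are assumptions made for illustration.

```python
# Constructed sample inputs: truncated headers only, not usable credentials.
BANNER = "curl 7.37.1 (x86_64-apple-darwin14.0) libcurl/7.37.1 SecureTransport zlib/1.2.5"
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----\n"
SAMPLE_P12 = bytes.fromhex("308209a1020103308209670609")
SAMPLE_DER_CERT = bytes.fromhex("3082030a308201f2a003020102")


def uses_secure_transport(banner):
    """True if the version banner (e.g. pycurl.version) names Secure Transport."""
    return "SecureTransport" in banner.split()


def sniff_cert_format(data):
    """Classify client-certificate bytes as 'PEM', 'PKCS12', 'DER' or 'unknown'."""
    if b"-----BEGIN " in data:
        return "PEM"
    if len(data) < 2 or data[0] != 0x30:      # not an ASN.1 SEQUENCE
        return "unknown"
    # Skip the outer length: short form is one byte, long form is 1 + n bytes.
    first = data[1]
    body = 2 + (first & 0x7F if first > 0x80 else 0)
    # A PKCS#12 PFX starts with version INTEGER 3 (RFC 7292).
    if data[body:body + 3] == b"\x02\x01\x03":
        return "PKCS12"
    return "DER"


def preflight(banner, cert_bytes):
    """Return (ok, message) before the file is passed as SSLCERT."""
    fmt = sniff_cert_format(cert_bytes)
    if uses_secure_transport(banner) and fmt != "PKCS12":
        return False, (
            "Secure Transport backend needs a PKCS#12 client certificate, got "
            + fmt + "; bundle cert and key with: openssl pkcs12 -export "
            "-in client.pem -inkey private.key -out client.p12"
        )
    return True, "client certificate format " + fmt + " accepted"


if __name__ == "__main__":
    for name, blob in [("pem", SAMPLE_PEM), ("p12", SAMPLE_P12)]:
        print(name, preflight(BANNER, blob))
```

With the PKCS#12 bundle in place, libcurl's CURLOPT_SSLCERTTYPE is set to "P12" and the export passphrase is supplied through CURLOPT_KEYPASSWD.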