LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 08-06-2010, 06:11 AM   #1
Manjunath1847
Member
 
Registered: Mar 2007
Posts: 44

Rep: Reputation: 16
Curl HTTPS OpenSSL Certificate issue


I am having an issue with HTTPS certification using curl. My curl is configured with OpenSSL. If the certification verification is failed I dont want to terminate the operation, instead I want to continue by just putting a log message. For this I have used OpenSSL SSL_CTX_set_verify() function to set my static C callback function. During HTTPS transaction, my callback is also getting called with first parameter 0 or 1 (depending upon of the certificate verification is success or failure). But even if my certification verification is failure, I want to continue. So I have hard coded to return value as 1 always from my callback function. But still I see the certification error and I don't get the page. Any suggestion please? My sample code is as below. Please help


#include <stdio.h>
#include <curl/curl.h>
#include <openssl/x509v3.h>
#include <openssl/ssl.h>


static int verify_callback(int ok, X509_STORE_CTX *ctx)
{
printf("verify_callback function with %d\n",ok);
return 1;
}
static CURLcode sslContextGetter(CURL* curl, void* sslContext, void* data)
{
printf("In sslContextGetter\n");
SSL_CTX_set_verify(static_cast<SSL_CTX*>(sslContext),SSL_VERIFY_CLIENT_ONCE ,verify_callback);
return (CURLcode)0;
}

int main(void)
{
CURL *curl;
CURLcode res;

curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, *sslContextGetter);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, true);
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/curl");
//curl_easy_setopt(curl, CURLOPT_URL, "https://www.paypal.com");
curl_easy_setopt(curl, CURLOPT_URL, "https://selfcare.myway.in");
res = curl_easy_perform(curl);
/* always cleanup */
curl_easy_cleanup(curl);
}
return 0;
}
 
Old 08-09-2010, 11:13 PM   #2
Manjunath1847
Member
 
Registered: Mar 2007
Posts: 44

Original Poster
Rep: Reputation: 16
This issue is fixed. In the call back function we need to set X509_STORE_CTX_set_error(ctx, X509_V_OK), along with returning 1. Not sure why is this not mentioned in the openssl documentation.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Curl Certificate Issue Manjunath1847 Linux - General 1 07-14-2010 02:18 AM
HTTPS and CURL Elv13 Linux - Software 8 08-30-2009 02:19 PM
cUrl + Openssl Padawan.AVT Linux - Software 2 07-16-2009 02:36 AM
Building a certificate chain from the certificate using openSSL aravinda78 Linux - Security 1 11-10-2008 02:51 AM
Can I retrieve certificate expiry date from an openssl certificate (command line) davee Linux - Security 1 07-21-2006 11:28 AM


All times are GMT -5. The time now is 04:14 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration