LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
Reload this Page Curl HTTPS OpenSSL Certificate issue
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 08-06-2010, 05:11 AM   #1
Manjunath1847
Member
 
Registered: Mar 2007
Posts: 44

Rep: Reputation: 16
Curl HTTPS OpenSSL Certificate issue

I am having an issue with HTTPS certification using curl. My curl is configured with OpenSSL. If the certification verification is failed I dont want to terminate the operation, instead I want to continue by just putting a log message. For this I have used OpenSSL SSL_CTX_set_verify() function to set my static C callback function. During HTTPS transaction, my callback is also getting called with first parameter 0 or 1 (depending upon of the certificate verification is success or failure). But even if my certification verification is failure, I want to continue. So I have hard coded to return value as 1 always from my callback function. But still I see the certification error and I don't get the page. Any suggestion please? My sample code is as below. Please help


#include <stdio.h>
#include <curl/curl.h>
#include <openssl/x509v3.h>
#include <openssl/ssl.h>


static int verify_callback(int ok, X509_STORE_CTX *ctx)
{
printf("verify_callback function with %d\n",ok);
return 1;
}
static CURLcode sslContextGetter(CURL* curl, void* sslContext, void* data)
{
printf("In sslContextGetter\n");
SSL_CTX_set_verify(static_cast<SSL_CTX*>(sslContext),SSL_VERIFY_CLIENT_ONCE ,verify_callback);
return (CURLcode)0;
}

int main(void)
{
CURL *curl;
CURLcode res;

curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, *sslContextGetter);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, true);
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/curl");
//curl_easy_setopt(curl, CURLOPT_URL, "https://www.paypal.com");
curl_easy_setopt(curl, CURLOPT_URL, "https://selfcare.myway.in");
res = curl_easy_perform(curl);
/* always cleanup */
curl_easy_cleanup(curl);
}
return 0;
}
 
Old 08-09-2010, 10:13 PM   #2
Manjunath1847
Member
 
Registered: Mar 2007
Posts: 44

Original Poster
Rep: Reputation: 16
This issue is fixed. In the call back function we need to set X509_STORE_CTX_set_error(ctx, X509_V_OK), along with returning 1. Not sure why is this not mentioned in the openssl documentation.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Curl Certificate Issue Manjunath1847 Linux - General 1 07-14-2010 01:18 AM
HTTPS and CURL Elv13 Linux - Software 8 08-30-2009 01:19 PM
cUrl + Openssl Padawan.AVT Linux - Software 2 07-16-2009 01:36 AM
Building a certificate chain from the certificate using openSSL aravinda78 Linux - Security 1 11-10-2008 01:51 AM
Can I retrieve certificate expiry date from an openssl certificate (command line) davee Linux - Security 1 07-21-2006 10:28 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 10:29 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration