Old 08-06-2010, 06:11 AM   #1
Curl HTTPS OpenSSL Certificate issue

I am having an issue with HTTPS certification using curl. My curl is configured with OpenSSL. If the certification verification fails I don't want to terminate the operation; instead I want to continue by just putting a log message. For this I have used the OpenSSL SSL_CTX_set_verify() function to set my static C callback function. During the HTTPS transaction, my callback is also getting called with first parameter 0 or 1 (depending on whether the certificate verification is a success or failure). But even if my certification verification fails, I want to continue. So I have hard-coded the return value as 1 always from my callback function. But still I see the certification error and I don't get the page. Any suggestions please? My sample code is as below. Please help.

#include <stdio.h>
#include <curl/curl.h>
#include <openssl/x509v3.h>
#include <openssl/ssl.h>

/* OpenSSL verify callback: logs the result it is handed and always returns 1. */
static int verify_callback(int ok, X509_STORE_CTX *ctx)
{
    printf("verify_callback function with %d\n", ok);
    return 1;
}

/* Called by libcurl with the SSL_CTX so the verify callback can be installed. */
static CURLcode sslContextGetter(CURL* curl, void* sslContext, void* data)
{
    printf("In sslContextGetter\n");
    SSL_CTX_set_verify(static_cast<SSL_CTX*>(sslContext), SSL_VERIFY_CLIENT_ONCE, verify_callback);
    return CURLE_OK;
}

int main(void)
{
    CURL *curl;
    CURLcode res;

    curl = curl_easy_init();
    if(curl) {
        curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslContextGetter);
        curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
        curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
        curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/curl");
        //curl_easy_setopt(curl, CURLOPT_URL, "");
        curl_easy_setopt(curl, CURLOPT_URL, "");
        res = curl_easy_perform(curl);
        /* always cleanup */
        curl_easy_cleanup(curl);
    }
    return 0;
}
Old 08-09-2010, 11:13 PM   #2
Original Poster
This issue is fixed. In the callback function we need to call X509_STORE_CTX_set_error(ctx, X509_V_OK), along with returning 1. Not sure why this is not mentioned in the OpenSSL documentation.

