On 6/18/2020 1:27 PM, Peter Bushnell via curl-library wrote:
> Have added curl source to build a statically compiled libcurl.a to a
> multi-platform application which cross-compiles binaries on Linux
> for Windows and Mac. The application on Linux and Mac works as
> expected, but when calling curl_easy_perform with an HTTPS URL a 77
> error code is returned. During configure the following CA bundle path
> is set.
>
> /etc/ssl/certs/ca-certificates.crt
>
> When configuring for Windows the same cert is set which can obviously
> not be found in a Windows environment. Hoping that I only need to set
> --with-ca-path or --with-ca-bundle but I've not been able to work out
> what it should be set to. The advice I've seen online is for people to
> download the cert, which allows my cross-compiled curl.exe to work with
> SSL, but does not seem to work if placed in the same directory as the
> application. Tried setting the CA bundle path to ./ without luck and
> also tried SSPI but that did not make a difference.
>
> Setting the following allows calls to HTTPS to work. This shows that
> libcurl has been successfully compiled, linked and can work, but
> obviously this is not desired behaviour.
>
> curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
>
> Compiling with the following configure options:
>
> ./configure --disable-shared --enable-static --disable-ldap \
>   --disable-sspi --without-librtmp --disable-ftp --disable-file \
>   --disable-dict --disable-telnet --disable-tftp --disable-rtsp \
>   --disable-pop3 --disable-imap --disable-smtp --disable-gopher \
>   --disable-smb --host=x86_64-w64-mingw32
>
> Configure output:
>
> configure: Configured to build curl/libcurl:
>
>   Host setup:       x86_64-w64-mingw32
>   Install prefix:   /mnt/d/github/pyrk-win64/depends/x86_64-w64-mingw32
>   Compiler:         x86_64-w64-mingw32-gcc
>   CFLAGS:           -pipe -O2 -pthread
>   CPPFLAGS:         -isystem
>                     /mnt/d/github/pyrk-win64/depends/x86_64-w64-mingw32/include -isystem
>                     /mnt/d/github/pyrk-win64/depends/x86_64-w64-mingw32/include
>   LDFLAGS:          -L/mnt/d/github/pyrk-win64/depends/x86_64-w64-mingw32/lib
>                     -L/mnt/d/github/pyrk-win64/depends/x86_64-w64-mingw32/lib
>   LIBS:             -lssl -lcrypto -lssl -lcrypto -lgdi32 -lws2_32
>
>   curl version:     7.70.0
>   SSL:              enabled (OpenSSL)
>   SSH:              no (--with-{libssh,libssh2})
>   zlib:             no (--with-zlib)
>   brotli:           no (--with-brotli)
>   GSS-API:          no (--with-gssapi)
>   TLS-SRP:          enabled
>   resolver:         POSIX threaded
>   IPv6:             enabled
>   Unix sockets:     no (--enable-unix-sockets)
>   IDN:              no (--with-{libidn2,winidn})
>   Build libcurl:    Shared=no, Static=yes
>   Built-in manual:  enabled
>   --libcurl option: enabled (--disable-libcurl-option)
>   Verbose errors:   enabled (--disable-verbose)
>   Code coverage:    disabled
>   SSPI:             no (--enable-sspi)
>   ca cert bundle:   /etc/ssl/certs/ca-certificates.crt
>   ca cert path:     no
>   ca fallback:      no
>   LDAP:             no (--enable-ldap / --with-ldap-lib / --with-lber-lib)
>   LDAPS:            no (--enable-ldaps)
>   RTSP:             no (--enable-rtsp)
>   RTMP:             no (--with-librtmp)
>   Metalink:         no (--with-libmetalink)
>   PSL:              no (libpsl not found)
>   Alt-svc:          no (--enable-alt-svc)
>   HTTP2:            disabled (--with-nghttp2)
>   HTTP3:            disabled (--with-ngtcp2, --with-quiche)
>   ESNI:             no (--enable-esni)
>   Protocols:        HTTP HTTPS
>   Features:         SSL IPv6 AsynchDNS NTLM TLS-SRP HTTPS-proxy
>
> Any help on this would be appreciated.

On Windows the curl command line tool (curl.exe) will check environment
variables like CURL_CA_BUNDLE and if not found then search paths.
[1][2][3] libcurl doesn't do that; if you have no compile-time path then
you would need to detect the location yourself and use CURLOPT_CAINFO
[4] to set it.

If you use the Schannel backend (native Windows SSL) instead of OpenSSL
then you do not need a separate bundle of certificates; the Windows OS
certificate store is used by default. The next version of curl (7.71, to
be released next week) will support that for OpenSSL but not by default;
you would use CURLSSLOPT_NATIVE_CA [5] to enable it.

[1]: https://curl.haxx.se/docs/sslcerts.html
[2]: https://github.com/curl/curl/blob/curl-7_70_0/src/tool_operate.c#L2261-L2339
[3]: https://github.com/curl/curl/blob/curl-7_70_0/src/tool_doswin.c#L598-L644
[4]: https://curl.haxx.se/libcurl/c/CURLOPT_CAINFO.html
[5]: https://curl.haxx.se/libcurl/c/CURLOPT_SSL_OPTIONS.html
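
Added example, not part of the original thread and not curl's own code: one way to do the "detect the location yourself and use CURLOPT_CAINFO" step from the reply while leaving peer verification on. The bundle file name cacert.pem, the helper names and the WITH_LIBCURL build macro are assumptions; the search order (CURL_CA_BUNDLE, then the application directory) is a simplified version of what the reply says curl.exe does.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef WITH_LIBCURL   /* assumed opt-in macro: build with -DWITH_LIBCURL and link libcurl */
#include <curl/curl.h>
#endif
#define BUNDLE_NAME "cacert.pem"   /* assumed name of the bundle shipped with the app */

/* Return 1 if path is readable and contains at least one PEM certificate. */
static int looks_like_pem_bundle(const char *path)
{
    char line[256];
    int found = 0;
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    while (!found && fgets(line, sizeof line, f))
        found = strncmp(line, "-----BEGIN CERTIFICATE-----", 27) == 0;
    fclose(f);
    return found;
}

/* Try env_value (e.g. getenv("CURL_CA_BUNDLE")) first, then
 * <app_dir>/BUNDLE_NAME. Writes the chosen path to out; returns 1 on success. */
int pick_ca_bundle(const char *env_value, const char *app_dir,
                   char *out, size_t outlen)
{
    if (env_value && *env_value && strlen(env_value) < outlen &&
        looks_like_pem_bundle(env_value)) {
        strcpy(out, env_value);
        return 1;
    }
    if (app_dir) {
        int n = snprintf(out, outlen, "%s/%s", app_dir, BUNDLE_NAME);
        if (n > 0 && (size_t)n < outlen && looks_like_pem_bundle(out))
            return 1;
    }
    if (outlen) out[0] = '\0';
    return 0;
}

#ifdef WITH_LIBCURL
/* CURLOPT_SSL_VERIFYPEER stays at its default (on). With no usable bundle the
 * setup fails with the same code 77 instead of silently skipping verification. */
CURLcode use_ca_bundle(CURL *curl, const char *app_dir)
{
    char path[1024];
    if (!pick_ca_bundle(getenv("CURL_CA_BUNDLE"), app_dir, path, sizeof path))
        return CURLE_SSL_CACERT_BADFILE;
    return curl_easy_setopt(curl, CURLOPT_CAINFO, path);
}
#endif
```

On Windows the application directory passed as app_dir can be obtained from GetModuleFileName; with curl 7.71 and OpenSSL, CURLSSLOPT_NATIVE_CA from the reply is the alternative that avoids shipping a bundle at all.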