SSL CA Certificates - LibCurl C Language (Linux)
I'm working with a web service and still cannot authenticate peer certificates. I'm using libcurl in C; the output is:
cannot perform post, err: Peer certificate cannot be authenticated with given CA certificates
So I tried to test the connection with the openssl command:
openssl s_client -connect homnfce.sefaz.am.gov.br:443 -cert cert.pem -key nfcek.pem
and then: Verify return code: 20 (unable to get local issuer certificate)
Going further, I looked at the server certificates and noticed they have a cert chain. I downloaded them and added them using keytool:
    keytool -import -trustcacerts -file cert1.cer -alias mykey
    keytool -import -trustcacerts -file cert2.cer -alias mykey2
    keytool -import -trustcacerts -file cert3.cer -alias mykey3
Even with these changes, I still can't authenticate the peer certificates.
I think this can indicate an error while setting curlopts; here's an extract of the code:
    /* Extract: curl, res, ilen, szmypw, pfchk, pfanswer, szcertpath,
       ionlineservertimeout, debug_details, vtrace() and vtracestr()
       are defined elsewhere in the program. */
    if (curl_easy_setopt(curl, CURLOPT_POST, 1L) != CURLE_OK) {
        if ( debug_details ) vtrace("curl_easy_setopt(curl, CURLOPT_POST, 1) failed");
        return -1;
    }
    if (curl_easy_setopt(curl, CURLOPT_URL, "https://homnfce.sefaz.am.gov.br/nfce-services-nac/services/nfestatusservico2?wsdl") != CURLE_OK) {
        if ( debug_details ) vtrace("curl_easy_setopt(curl, CURLOPT_URL) failed");
        return -1;
    }
    if (curl_easy_setopt(curl, CURLOPT_PORT, 443L) != CURLE_OK) {
        if ( debug_details ) vtrace("curl_easy_setopt(curl, CURLOPT_PORT, 443) failed");
        return -1;
    }
    /* Client certificate and private key presented to the server */
    if (curl_easy_setopt(curl, CURLOPT_SSLCERT, "cert.pem") != CURLE_OK) {
        if ( debug_details ) vtrace("curl_easy_setopt(curl, CURLOPT_SSLCERT) failed");
        return -1;
    }
    if (curl_easy_setopt(curl, CURLOPT_SSLKEY, "nfcek.pem") != CURLE_OK) {
        if ( debug_details ) vtrace("curl_easy_setopt(curl, CURLOPT_SSLKEY) failed");
        return -1;
    }
    /* Directory searched for CA certificates when verifying the server */
    sprintf(szcertpath, "%s", "/home/cacerts/");
    if (curl_easy_setopt(curl, CURLOPT_CAPATH, szcertpath) != CURLE_OK) {
        if ( debug_details ) vtrace("curl_easy_setopt(curl, CURLOPT_CAPATH) failed");
        return -1;
    }
    if (curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)ilen) != CURLE_OK) {
        if ( debug_details ) vtrace("curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE) failed");
        return -1;
    }
    if (curl_easy_setopt(curl, CURLOPT_SSLCERTPASSWD, szmypw) != CURLE_OK ) {
        if ( debug_details ) vtrace("curl_easy_setopt(curl, CURLOPT_SSLCERTPASSWD) failed");
        return -1;
    }
    if (curl_easy_setopt(curl, CURLOPT_READDATA, pfchk) != CURLE_OK ) {
        if ( debug_details ) vtrace("curl_easy_setopt(curl, CURLOPT_READDATA) failed");
        return -1;
    }
    if (curl_easy_setopt(curl, CURLOPT_WRITEDATA, pfanswer) != CURLE_OK ) {
        if ( debug_details ) vtrace("curl_easy_setopt(curl, CURLOPT_WRITEDATA) failed");
        return -1;
    }
    if (curl_easy_setopt(curl, CURLOPT_TIMEOUT, (long)ionlineservertimeout) != CURLE_OK ) {
        if ( debug_details ) vtrace("curl_easy_setopt(curl, CURLOPT_TIMEOUT) failed");
        return -1;
    }
    if (curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L) != CURLE_OK) {
        if ( debug_details ) vtrace("curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1) failed");
        return __LINE__;
    }
    if ( (res = curl_easy_perform(curl)) != CURLE_OK ){
        if ( debug_details ) vtracestr("infce_curlreq(): cannot perform post, err: %s\n", (char *)curl_easy_strerror(res));
        return -1;
    }
One important fact: I can't use the insecure mode option to ignore peer authentication (CURLOPT_SSL_VERIFYPEER = 0).
Any ideas? What can be wrong?
Thanks in advance.
I've done it. The problem was the server's CAs. I downloaded the certificate chain from the host and used openssl commands to convert them:
    openssl x509 -in raiz_v2.cer -out raiz_v2.pem
    openssl x509 -in ac_certsign_g6.cer -out ac_certsign_g6.pem
    openssl x509 -in ac_certsign_mult_g5.cer -out ac_certsign_mult_g5.pem
Then I combined them using:
    cat raiz_v2.pem > cacert.pem
    cat ac_certsign_g6.pem >> cacert.pem
    cat ac_certsign_mult_g5.pem >> cacert.pem
And I pointed to cacert.pem using the CURLOPT_CAINFO option.
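Why the concatenated bundle clears "Verify return code: 20", shown as an added example that is not part of the original post. It builds a constructed root, intermediate and server certificate (all names are made up, not the SEFAZ chain) and runs openssl verify against an incomplete and a complete CA file.

```shell
# Constructed three-level chain (made-up names, not the SEFAZ certificates).
make_chain() {                      # $1 = work dir; writes root.pem, int.pem, leaf.pem
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root CA
    openssl req -x509 -config "$d/ca.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
        -keyout "$d/root.key" -out "$d/root.pem" -subj "/CN=Constructed Root" -days 2 2>/dev/null
    # Intermediate CA, signed by the root
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -keyout "$d/int.key" -out "$d/int.csr" -subj "/CN=Constructed Intermediate" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
        -extfile "$d/ca.cnf" -extensions v3_ca -out "$d/int.pem" -days 2 2>/dev/null
    # Server (leaf) certificate, signed by the intermediate
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" -subj "/CN=server.example" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
        -out "$d/leaf.pem" -days 2 2>/dev/null
}

# True only when bundle $1 holds every issuer of certificate $2 up to the root.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# Prints the first verify error line for bundle $1 and certificate $2.
chain_error() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -m1 '^error'
}

demo() {
    w=$(mktemp -d) && make_chain "$w" || return 1
    cat "$w/root.pem" "$w/int.pem" > "$w/cacert.pem"   # same cat step as the answer
    chain_ok "$w/root.pem" "$w/leaf.pem" && echo "root only: OK" \
        || echo "root only: $(chain_error "$w/root.pem" "$w/leaf.pem")"
    chain_ok "$w/cacert.pem" "$w/leaf.pem" && echo "full bundle: OK"
    rm -rf "$w"
}
demo
```

With libcurl built against OpenSSL, a PEM bundle like this is what CURLOPT_CAINFO reads; certificates imported with keytool go into a Java keystore, which libcurl does not consult.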
c linux ssl certificate libcurl