0

I'm trying to set up a secure connection to an HTTPS server with curl on iOS (the app is written in C++).

I figured out that I need to set the cacert.pem (http://curl.haxx.se/ca/cacert.pem) file path for the CURLOPT_CAPATH option:

```c
curl_easy_setopt (curl, CURLOPT_CAPATH, "/var/mobile/Applications/811DEF2E-DE1D-4C86-A1FD-129478C8318D/MyApp.app/ca/cacert.pem");
curl_easy_setopt (curl, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt (curl, CURLOPT_SSL_VERIFYHOST, 2L);
```

But this just generates the following verbose log (IP and URL changed):

```
libcurl/7.29.0 OpenSSL/1.0.1e zlib/1.2.5
* About to connect() to myserver.com port 443 (#0)
*   Trying 128.128.128.128...
* Connected to myserver.com (128.128.128.128) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /var/mobile/Applications/171CA93F-15F2-42A1-938B-01812AF1E555/MyApp.app/ca/cacert.pem
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
```

The same happens if I set CURLOPT_CAPATH to the "../MyApp.app/ca" folder. The file exists and can be read.

There seems to be a lack of information about this error. What am I doing wrong?

lietus
  • do you have problem with iphone code or server side script? – Dipen Panchasara Mar 29 '13 at 11:50
  • refer how to configure your local server to handle HTTPS [this](http://stackoverflow.com/questions/4221874/how-do-i-create-https-for-localhost-apache) post for windows and [this post](http://www.codeproject.com/Tips/239837/Configure-apache-localhost-to-use-secure-HTTP-HTTP) for mac – Dipen Panchasara Apr 02 '13 at 06:42
  • what is this to do with server side? server side security works fine, this is client side (iOS) code – lietus Apr 02 '13 at 08:22
  • finally some ray of hope refer [this](http://blog.timac.org/?tag=nsurlrequest) – Dipen Panchasara Apr 02 '13 at 08:30

2 Answers

4

OK, after some irritating searching I found the problem and solution.

This does not seem to work with either a folder or a file path:

```c
curl_easy_setopt (curl, CURLOPT_CAPATH, caCertPath);
```

But this works when supplying the full path to the PEM file:

```c
curl_easy_setopt (curl, CURLOPT_CAINFO, caCertPath);
```

Hope this helps someone in the future.

lietus
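An added example, not part of either answer and not code from curl itself: with the OpenSSL backend shown in the log, CURLOPT_CAPATH expects a directory whose files are named by certificate subject hash (the layout `c_rehash` produces), while CURLOPT_CAINFO expects a single PEM bundle file such as cacert.pem. The helpers `is_hashed_name` and `classify_ca_location` below are hypothetical names for a pre-flight check that tells the two cases apart before a path is handed to either option.

```c
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Which libcurl option a CA location is usable with (OpenSSL backend). */
typedef enum { CA_MISSING, CA_USE_CAINFO, CA_USE_CAPATH, CA_DIR_NOT_HASHED, CA_NOT_PEM } ca_kind;

/* OpenSSL finds certificates in a CApath directory by file name:
 * 8 hex digits of the subject hash, a dot, a sequence number ("5ad8a5d6.0"). */
int is_hashed_name(const char *name) {
    size_t i;
    if (strlen(name) < 10 || name[8] != '.') return 0;
    for (i = 0; i < 8; i++)
        if (!isxdigit((unsigned char)name[i])) return 0;
    for (i = 9; name[i]; i++)
        if (!isdigit((unsigned char)name[i])) return 0;
    return 1;
}

/* Decide whether `path` belongs in CURLOPT_CAINFO or CURLOPT_CAPATH. */
ca_kind classify_ca_location(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return CA_MISSING;
    if (S_ISDIR(st.st_mode)) {
        DIR *d = opendir(path);
        struct dirent *e;
        ca_kind kind = CA_DIR_NOT_HASHED;  /* e.g. a folder holding only cacert.pem */
        if (!d) return CA_MISSING;
        while ((e = readdir(d)) != NULL)
            if (is_hashed_name(e->d_name)) { kind = CA_USE_CAPATH; break; }
        closedir(d);
        return kind;
    } else {
        char line[256];
        ca_kind kind = CA_NOT_PEM;         /* regular file without a PEM certificate */
        FILE *f = fopen(path, "r");
        if (!f) return CA_MISSING;
        while (fgets(line, sizeof line, f))
            if (strstr(line, "-----BEGIN CERTIFICATE-----")) { kind = CA_USE_CAINFO; break; }
        fclose(f);
        return kind;
    }
}
```

A `CA_DIR_NOT_HASHED` result corresponds to the "../MyApp.app/ca" attempt in the question: the folder exists and is readable, but contains no hash-named entries for OpenSSL to look up.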
0

From the manual:

The CURLOPT_CAPATH function apparently does not work in Windows due to some limitation in openssl

http://curl.haxx.se/libcurl/c/curl_easy_setopt.html

The CURLOPT_CAINFO option works.

Oleg.A