I've built openssl 1.1.1 with --openssldir=< path to ssl >/ssl (link to /etc/ssl) and curl 7.76.1 with --with-ssl=< path to openssl >. Compiled the following code:
```cpp
#include <iostream>
#include <curl/curl.h>

int main()
{
    CURL *curl = curl_easy_init();
    if (curl)
    {
        // Request headers for a JSON POST
        struct curl_slist *headers = NULL;
        headers = curl_slist_append(headers, "Accept: */*");
        headers = curl_slist_append(headers, "Content-Type: application/json");
        curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
        curl_easy_setopt(curl, CURLOPT_URL, "https://<address>");
        curl_easy_setopt(curl, CURLOPT_POST, 1L);  // libcurl expects a long here
        curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "<some data>");
        curl_easy_perform(curl);
        curl_slist_free_all(headers);
    }
    curl_easy_cleanup(curl);
}
```
When I'm running this code I get an error:
```
curl_easy_operation() failed : Problem with the SSL CA cert (path? access rights?)
```
I see in strace that it's trying to open "/etc/pki/tls/certs/ca-bundle.crt". But on my machines (Ubuntu 12 and Ubuntu 14) there is no folder "/etc/pki". Why does curl use "/etc/pki" instead of "/etc/ssl"? How can I force it to use "/etc/ssl"? I tried to build curl with --without-nss, but it didn't work.
EDIT: My solution was adding this code:
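```cpp
// Requires #include <fstream>
std::ifstream caBundleFile("/etc/pki/tls/certs/ca-bundle.crt");
if (caBundleFile.good()) {
    // RHEL/CentOS layout: a single bundle file
    curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/pki/tls/certs/ca-bundle.crt");
    caBundleFile.close();
} else {
    // Ubuntu layout: a directory of certificates
    curl_easy_setopt(curl, CURLOPT_CAPATH, "/etc/ssl/certs");
}
```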
There are two popular formats for storing root certificates. The first one is for RHEL/CentOS-like distros, and the second is for Ubuntu-like distros.
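The runtime check in the EDIT above, generalized to a candidate list that fails closed when no trust store is usable. This is an added example, not the poster's code or libcurl's; `CaKind`, `CaChoice` and `pick_ca_store` are hypothetical names, and the libcurl calls appear only as comments so the block builds without libcurl installed.

```cpp
#include <string>
#include <vector>
#include <sys/stat.h>
#include <unistd.h>

enum class CaKind { None, BundleFile, HashedDir };

struct CaChoice {
    CaKind kind;
    std::string path;
};

// A bundle (for CURLOPT_CAINFO) must be a readable, non-empty regular file.
static bool usable_bundle(const std::string &p) {
    struct stat st;
    return stat(p.c_str(), &st) == 0 && S_ISREG(st.st_mode) &&
           st.st_size > 0 && access(p.c_str(), R_OK) == 0;
}

// A CA directory (for CURLOPT_CAPATH) must be a directory we can list and traverse.
static bool usable_dir(const std::string &p) {
    struct stat st;
    return stat(p.c_str(), &st) == 0 && S_ISDIR(st.st_mode) &&
           access(p.c_str(), R_OK | X_OK) == 0;
}

// Bundle files are tried first, then directories; the first usable candidate wins.
CaChoice pick_ca_store(const std::vector<std::string> &bundles,
                       const std::vector<std::string> &dirs) {
    for (const auto &b : bundles)
        if (usable_bundle(b)) return {CaKind::BundleFile, b};
    for (const auto &d : dirs)
        if (usable_dir(d)) return {CaKind::HashedDir, d};
    return {CaKind::None, ""};
}

// Caller side (needs <curl/curl.h>), using the two paths from the post:
//   CaChoice c = pick_ca_store({"/etc/pki/tls/certs/ca-bundle.crt"},
//                              {"/etc/ssl/certs"});
//   if (c.kind == CaKind::BundleFile)
//       curl_easy_setopt(curl, CURLOPT_CAINFO, c.path.c_str());
//   else if (c.kind == CaKind::HashedDir)
//       curl_easy_setopt(curl, CURLOPT_CAPATH, c.path.c_str());
//   else
//       return 1;  // no trust store found: abort, keep CURLOPT_SSL_VERIFYPEER on
```

Checking the return value of `curl_easy_perform` after this still matters: a selected path that holds no valid certificates is reported there as a verification failure.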