
I have set up Apache on Ubuntu localhost using answer no. 19 of the link below: How do I allow HTTPS for Apache on localhost? Using all the steps described, I have generated the self-signed "mykey.key" and "mycert.pem" and set them as "SSLCertificateFile" and "SSLCertificateKeyFile"; now I can connect to "https://localhost:443".

But when I try to run the libcurl C program, I am getting the error "curl_easy_perform() failed: Problem with the local SSL certificate"

Here I am using the same key and certificate that I generated in the above step: mykey.key and mycert.pem.

```c
#include <stdio.h>
#include <curl/curl.h>

int main(void)
{
  CURL *curl;
  CURLcode res;
  FILE *headerfile;
  const char *pPassphrase = NULL;

  static const char *pCertFile = "mycert.pem";
  static const char *pCACertFile = "/usr/local/share/ca-certificates/CACert.crt";
  static const char *pHeaderFile = "dumpit";

  /* as posted: these three pointers are not initialised before
     they are passed to libcurl below */
  const char *pKeyName;
  const char *pKeyType;

  const char *pEngine;
  headerfile = fopen(pHeaderFile, "wb");
  curl_global_init(CURL_GLOBAL_DEFAULT);
  curl = curl_easy_init();
  if(curl) {
    /* what call to write: */
    curl_easy_setopt(curl, CURLOPT_URL, "https://localhost:443");
    curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);

    do { /* dummy loop, just to break out from */
      if(pEngine) {
        /* use crypto engine */
        if(curl_easy_setopt(curl, CURLOPT_SSLENGINE, pEngine) != CURLE_OK) {
          /* load the crypto engine */
          fprintf(stderr, "cannot set crypto engine\n");
          break;
        }
        if(curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L) != CURLE_OK) {
          /* set the crypto engine as default */
          /* only needed for the first time you load
             a engine in a curl object... */
          fprintf(stderr, "cannot set crypto engine as default\n");
          break;
        }
      }
      /* client certificate and client private key */
      curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
      curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);
      curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, pKeyType);
      curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName);
      /* CA bundle used to verify the server certificate */
      curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile);
      /* 0L turns off verification of the server certificate */
      curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
      res = curl_easy_perform(curl);
      if(res != CURLE_OK)
        fprintf(stderr, "curl_easy_perform() failed: %s\n",
                curl_easy_strerror(res));
    } while(0);
    /* always cleanup */
    curl_easy_cleanup(curl);
  }
  curl_global_cleanup();
  if(headerfile)
    fclose(headerfile);

  return 0;
}
```

Here the contents of "mycert.pem" and "CACert.crt" are the same, as I have made a copy.

Please suggest if I am missing any step.

kaylum
Shah
  • The variables pKeyName, pKeyType, pEngine are uninitialised. – 273K Jan 12 '22 at 07:29
  • `CURLOPT_SSLCERT` is for a *client certificate*, which your question doesn't say you use... – Daniel Stenberg Jan 12 '22 at 08:15
  • Thanks @DanielStenberg. Yes, while working on the same I came to know that I have to use a client certificate and client private key for this C program. But I think to get this program working, I have to configure and use the CA in Ubuntu. Can anyone help me get some good reference where all the steps are mentioned to set up the complete setup of this client-server communication over SSL? That will be a great help. – Shah Jan 12 '22 at 12:51
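
Added example, not part of the original question or its comments: a small pre-flight check that reads the PEM armor lines of the files intended for `CURLOPT_SSLCERT` and `CURLOPT_SSLKEY` and reports why the pair cannot serve as a client certificate and key. The names `pem_scan` and `client_pair_problem` are hypothetical helpers, the sample is constructed, and only block labels are inspected, not the key material itself.

```c
#include <stdio.h>
#include <string.h>

enum { PEM_CERT = 1, PEM_KEY = 2, PEM_ENC_KEY = 4, PEM_OTHER = 8, PEM_BROKEN = 16 };

/* Report which PEM block types a text holds (armor lines only). */
static int pem_scan(const char *text)
{
  int found = 0;
  while((text = strstr(text, "-----BEGIN ")) != NULL) {
    char label[64], endline[80];
    const char *start = text + 11, *stop = strstr(start, "-----"), *enc;
    size_t n = stop ? (size_t)(stop - start) : 0;
    if(n == 0 || n >= sizeof(label))
      return found | PEM_BROKEN;          /* malformed BEGIN line */
    snprintf(label, sizeof(label), "%.*s", (int)n, start);
    snprintf(endline, sizeof(endline), "-----END %s-----", label);
    if((text = strstr(stop, endline)) == NULL)
      return found | PEM_BROKEN;          /* block never closed */
    enc = strstr(stop, "Proc-Type: 4,ENCRYPTED"); /* legacy encrypted key */
    if(!strcmp(label, "CERTIFICATE"))
      found |= PEM_CERT;
    else if(!strstr(label, "PRIVATE KEY"))
      found |= PEM_OTHER;
    else if(!strcmp(label, "ENCRYPTED PRIVATE KEY") || (enc && enc < text))
      found |= PEM_KEY | PEM_ENC_KEY;
    else
      found |= PEM_KEY;
    text += strlen(endline);
  }
  return found;
}

/* NULL when the pair looks usable for CURLOPT_SSLCERT/CURLOPT_SSLKEY. */
static const char *client_pair_problem(const char *cert, const char *key, int have_pass)
{
  int c = pem_scan(cert), k = pem_scan(key);
  if((c | k) & PEM_BROKEN) return "truncated or malformed PEM block";
  if(!(c & PEM_CERT)) return "certificate file holds no CERTIFICATE block";
  if(!(k & PEM_KEY)) return "key file holds no private key block";
  if((k & PEM_ENC_KEY) && !have_pass) return "private key is encrypted but no passphrase is set";
  return NULL;
}

int main(void)
{ /* constructed sample: armor only, not a real certificate */
  const char *cert = "-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n";
  const char *why = client_pair_problem(cert, cert, 0);
  puts(why ? why : "ok");
  return 0;
}
```

In a real program the two strings would be the contents of the certificate and key files, read before any libcurl option is set.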

0 Answers