Failed to get certificate location in libcurlAdding self-signed SSL certificate for libcurllibcurl fails with error code 56 (ssl_read) and error code 58 when server reboots and doesn't recover post rebootlibcurl with client certificate,i get an error “Unable to load client key -8178. * NSS error -8178”SSL Certificate issue: CN entry doesn't match with hostname in URLSSL Connect error with libcurl after SKIP_PEER_VERIFICATION?libcurl certificate verification failslibcurl does not support HTTPSUsing LibCurl in C++ and self signed certificatelibcurl SSL connect errorHaving trouble sending client certificate in libcurl ssl request, what am I missing?

'Horseshoes' for Deer?

Why haven't the British protested Brexit as ardently like Hong Kongers protest?

Resources to learn about firearms?

How does the search space affect the speed of an ILP solver?

How to understand payment due date for a credit card

How can I store milk for long periods of time?

What is the following VRP?

Should a TA point out a professor's mistake while attending their lecture?

LINQ Extension methods MinBy and MaxBy

What is the chance of getting a Red Cabbage in year 1?

German equivalent to "going down the rabbit hole"

Can a level 20 Berserker barbarian use the Frenzy feature all day with one use?

How to differentiate between two people with the same name in a story?

Break down the phrase "shitsurei shinakereba naranaindesu"

Comparative evolutionary study: is amino acid or nucleotide comparison more useful?

IList<T> implementation

I failed to respond to a potential advisor

'spazieren' - walking in a silly and affected manner?

Do universities maintain secret textbooks?

Is it possible to use pgfplots in Rmarkdown rendered as HTML?

Does the telecom provider need physical access to the SIM card to clone it?

Does the Freedom of Movement spell prevent petrification by the Flesh to Stone spell?

What checks exist against overuse of presidential pardons in the USA?

Is "prohibition against," a double negative?



Failed to get certificate location in libcurl


Adding self-signed SSL certificate for libcurllibcurl fails with error code 56 (ssl_read) and error code 58 when server reboots and doesn't recover post rebootlibcurl with client certificate,i get an error “Unable to load client key -8178. * NSS error -8178”SSL Certificate issue: CN entry doesn't match with hostname in URLSSL Connect error with libcurl after SKIP_PEER_VERIFICATION?libcurl certificate verification failslibcurl does not support HTTPSUsing LibCurl in C++ and self signed certificatelibcurl SSL connect errorHaving trouble sending client certificate in libcurl ssl request, what am I missing?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








1















I'm using libcurl in a client application written in C++, to connect to a remote system using HTTPS. The connection is further secured by client certificates. Upon connecting I get the following messages:



Cert file: 'C:my-certsclient.crt'.
Key file: 'C:my-certsclient.key'.
CURL (0): Trying <ipaddress>...
CURL (0): TCP_NODELAY set
CURL (0): Connected to <hostname> (<ipaddress>) port 443 (#0)
CURL (0): schannel: SSL/TLS connection with <hostname> port 443 (step 1/3)
CURL (0): schannel: disabled server certificate revocation checks
CURL (0): schannel: verifyhost setting prevents Schannel from comparing the supplied target name with the subject names in server certificates.
CURL (0): schannel: Failed to get certificate location for C:my-certsclient.crt
The connection to <hostname> was closed.


I'm certain the .crt and .key files exist in the specified location, and are readable. I'm setting the following SSL-related options in CURL:



CURLOPT_SSLCERT: C:my-certsclient.crt
CURLOPT_SSLKEY: C:my-certsclient.key
CURLOPT_SSL_VERIFYHOST: 0
CURLOPT_SSL_VERIFYPEER: 0


What does the message "Failed to get certificate location" mean, and what should I do about it?



I'm using libcurl/7.61.1-DEV WinSSL zlib/1.2.11, taken from vcpkg, and running on Windows 7. The application works fine with client certificates disabled; it's only when I add the SSLCERT and SSLKEY options that it fails.






c++ libcurl







share|improve this question






























    1















    I'm using libcurl in a client application written in C++, to connect to a remote system using HTTPS. The connection is further secured by client certificates. Upon connecting I get the following messages:



    Cert file: 'C:my-certsclient.crt'.
    Key file: 'C:my-certsclient.key'.
    CURL (0): Trying <ipaddress>...
    CURL (0): TCP_NODELAY set
    CURL (0): Connected to <hostname> (<ipaddress>) port 443 (#0)
    CURL (0): schannel: SSL/TLS connection with <hostname> port 443 (step 1/3)
    CURL (0): schannel: disabled server certificate revocation checks
    CURL (0): schannel: verifyhost setting prevents Schannel from comparing the supplied target name with the subject names in server certificates.
    CURL (0): schannel: Failed to get certificate location for C:my-certsclient.crt
    The connection to <hostname> was closed.


    I'm certain the .crt and .key files exist in the specified location, and are readable. I'm setting the following SSL-related options in CURL:



    CURLOPT_SSLCERT: C:my-certsclient.crt
    CURLOPT_SSLKEY: C:my-certsclient.key
    CURLOPT_SSL_VERIFYHOST: 0
    CURLOPT_SSL_VERIFYPEER: 0


    What does the message "Failed to get certificate location" mean, and what should I do about it?



    I'm using libcurl/7.61.1-DEV WinSSL zlib/1.2.11, taken from vcpkg, and running on Windows 7. The application works fine with client certificates disabled; it's only when I add the SSLCERT and SSLKEY options that it fails.






    c++ libcurl







    share|improve this question


























      1












      1








      1








      I'm using libcurl in a client application written in C++, to connect to a remote system using HTTPS. The connection is further secured by client certificates. Upon connecting I get the following messages:



      Cert file: 'C:my-certsclient.crt'.
      Key file: 'C:my-certsclient.key'.
      CURL (0): Trying <ipaddress>...
      CURL (0): TCP_NODELAY set
      CURL (0): Connected to <hostname> (<ipaddress>) port 443 (#0)
      CURL (0): schannel: SSL/TLS connection with <hostname> port 443 (step 1/3)
      CURL (0): schannel: disabled server certificate revocation checks
      CURL (0): schannel: verifyhost setting prevents Schannel from comparing the supplied target name with the subject names in server certificates.
      CURL (0): schannel: Failed to get certificate location for C:my-certsclient.crt
      The connection to <hostname> was closed.


      I'm certain the .crt and .key files exist in the specified location, and are readable. I'm setting the following SSL-related options in CURL:



      CURLOPT_SSLCERT: C:my-certsclient.crt
      CURLOPT_SSLKEY: C:my-certsclient.key
      CURLOPT_SSL_VERIFYHOST: 0
      CURLOPT_SSL_VERIFYPEER: 0


      What does the message "Failed to get certificate location" mean, and what should I do about it?



      I'm using libcurl/7.61.1-DEV WinSSL zlib/1.2.11, taken from vcpkg, and running on Windows 7. The application works fine with client certificates disabled; it's only when I add the SSLCERT and SSLKEY options that it fails.






      c++ libcurl







      share|improve this question














      I'm using libcurl in a client application written in C++, to connect to a remote system using HTTPS. The connection is further secured by client certificates. Upon connecting I get the following messages:



      Cert file: 'C:my-certsclient.crt'.
      Key file: 'C:my-certsclient.key'.
      CURL (0): Trying <ipaddress>...
      CURL (0): TCP_NODELAY set
      CURL (0): Connected to <hostname> (<ipaddress>) port 443 (#0)
      CURL (0): schannel: SSL/TLS connection with <hostname> port 443 (step 1/3)
      CURL (0): schannel: disabled server certificate revocation checks
      CURL (0): schannel: verifyhost setting prevents Schannel from comparing the supplied target name with the subject names in server certificates.
      CURL (0): schannel: Failed to get certificate location for C:my-certsclient.crt
      The connection to <hostname> was closed.


      I'm certain the .crt and .key files exist in the specified location, and are readable. I'm setting the following SSL-related options in CURL:



      CURLOPT_SSLCERT: C:my-certsclient.crt
      CURLOPT_SSLKEY: C:my-certsclient.key
      CURLOPT_SSL_VERIFYHOST: 0
      CURLOPT_SSL_VERIFYPEER: 0


      What does the message "Failed to get certificate location" mean, and what should I do about it?



      I'm using libcurl/7.61.1-DEV WinSSL zlib/1.2.11, taken from vcpkg, and running on Windows 7. The application works fine with client certificates disabled; it's only when I add the SSLCERT and SSLKEY options that it fails.






      c++ libcurl




      c++ libcurl






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Mar 27 at 21:29









      H. GuijtH. Guijt

      2,7495 silver badges12 bronze badges




      2,7495 silver badges12 bronze badges

























          1 Answer
          1






          active

          oldest

          votes


















          1















          Seems you can't specify a path to certificate file if libcurl is built with schannel on Windows (native TLS API). You need to specify the path to a cert in System Storage, as stated in docs:



          (Schannel only) Client certificates must be specified by a path expression to a certificate store. (Loading PFX is not supported; you can import it to a store first). You can use <store location><store name><thumbprint> to refer to a certificate in the system certificates store, for example, "CurrentUserMY934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is usually a SHA-1 hex string which you can see in certificate details. Following store locations are supported: CurrentUser, LocalMachine, CurrentService, Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy, LocalMachineEnterprise.



          You can check it inside the libcurl sources as well, look at the functions schannel_connect_step1 and get_cert_location in the file lib/vtls/schannel.c






          share|improve this answer

























          • Thanks, this is most helpful. Is the fact that it completely fails to load certificates from file intended as a feature, or should I report this as a bug on libcurl?

            – H. Guijt
            Mar 28 at 18:53






          • 1





            I think that's how it's meant to work (looking at the code)

            – Anton Malyshev
            Mar 28 at 20:24










          Your Answer






          StackExchange.ifUsing("editor", function ()
          StackExchange.using("externalEditor", function ()
          StackExchange.using("snippets", function ()
          StackExchange.snippets.init();
          );
          );
          , "code-snippets");

          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "1"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55386742%2ffailed-to-get-certificate-location-in-libcurl%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          1















          Seems you can't specify a path to certificate file if libcurl is built with schannel on Windows (native TLS API). You need to specify the path to a cert in System Storage, as stated in docs:



          (Schannel only) Client certificates must be specified by a path expression to a certificate store. (Loading PFX is not supported; you can import it to a store first). You can use <store location><store name><thumbprint> to refer to a certificate in the system certificates store, for example, "CurrentUserMY934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is usually a SHA-1 hex string which you can see in certificate details. Following store locations are supported: CurrentUser, LocalMachine, CurrentService, Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy, LocalMachineEnterprise.



          You can check it inside the libcurl sources as well, look at the functions schannel_connect_step1 and get_cert_location in the file lib/vtls/schannel.c






          share|improve this answer

























          • Thanks, this is most helpful. Is the fact that it completely fails to load certificates from file intended as a feature, or should I report this as a bug on libcurl?

            – H. Guijt
            Mar 28 at 18:53






          • 1





            I think that's how it's meant to work (looking at the code)

            – Anton Malyshev
            Mar 28 at 20:24















          1















          Seems you can't specify a path to certificate file if libcurl is built with schannel on Windows (native TLS API). You need to specify the path to a cert in System Storage, as stated in docs:



          (Schannel only) Client certificates must be specified by a path expression to a certificate store. (Loading PFX is not supported; you can import it to a store first). You can use <store location><store name><thumbprint> to refer to a certificate in the system certificates store, for example, "CurrentUserMY934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is usually a SHA-1 hex string which you can see in certificate details. Following store locations are supported: CurrentUser, LocalMachine, CurrentService, Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy, LocalMachineEnterprise.



          You can check it inside the libcurl sources as well, look at the functions schannel_connect_step1 and get_cert_location in the file lib/vtls/schannel.c






          share|improve this answer

























          • Thanks, this is most helpful. Is the fact that it completely fails to load certificates from file intended as a feature, or should I report this as a bug on libcurl?

            – H. Guijt
            Mar 28 at 18:53






          • 1





            I think that's how it's meant to work (looking at the code)

            – Anton Malyshev
            Mar 28 at 20:24













          1














          1










          1









          Seems you can't specify a path to certificate file if libcurl is built with schannel on Windows (native TLS API). You need to specify the path to a cert in System Storage, as stated in docs:



          (Schannel only) Client certificates must be specified by a path expression to a certificate store. (Loading PFX is not supported; you can import it to a store first). You can use <store location><store name><thumbprint> to refer to a certificate in the system certificates store, for example, "CurrentUserMY934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is usually a SHA-1 hex string which you can see in certificate details. Following store locations are supported: CurrentUser, LocalMachine, CurrentService, Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy, LocalMachineEnterprise.



          You can check it inside the libcurl sources as well, look at the functions schannel_connect_step1 and get_cert_location in the file lib/vtls/schannel.c






          share|improve this answer













          Seems you can't specify a path to certificate file if libcurl is built with schannel on Windows (native TLS API). You need to specify the path to a cert in System Storage, as stated in docs:



          (Schannel only) Client certificates must be specified by a path expression to a certificate store. (Loading PFX is not supported; you can import it to a store first). You can use <store location><store name><thumbprint> to refer to a certificate in the system certificates store, for example, "CurrentUserMY934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is usually a SHA-1 hex string which you can see in certificate details. Following store locations are supported: CurrentUser, LocalMachine, CurrentService, Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy, LocalMachineEnterprise.



          You can check it inside the libcurl sources as well, look at the functions schannel_connect_step1 and get_cert_location in the file lib/vtls/schannel.c







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Mar 27 at 23:37









          Anton MalyshevAnton Malyshev

          6,8422 gold badges20 silver badges40 bronze badges




          6,8422 gold badges20 silver badges40 bronze badges















          • Thanks, this is most helpful. Is the fact that it completely fails to load certificates from file intended as a feature, or should I report this as a bug on libcurl?

            – H. Guijt
            Mar 28 at 18:53






          • 1





            I think that's how it's meant to work (looking at the code)

            – Anton Malyshev
            Mar 28 at 20:24

















          • Thanks, this is most helpful. Is the fact that it completely fails to load certificates from file intended as a feature, or should I report this as a bug on libcurl?

            – H. Guijt
            Mar 28 at 18:53






          • 1





            I think that's how it's meant to work (looking at the code)

            – Anton Malyshev
            Mar 28 at 20:24
















          Thanks, this is most helpful. Is the fact that it completely fails to load certificates from file intended as a feature, or should I report this as a bug on libcurl?

          – H. Guijt
          Mar 28 at 18:53





          Thanks, this is most helpful. Is the fact that it completely fails to load certificates from file intended as a feature, or should I report this as a bug on libcurl?

          – H. Guijt
          Mar 28 at 18:53




          1




          1





          I think that's how it's meant to work (looking at the code)

          – Anton Malyshev
          Mar 28 at 20:24





          I think that's how it's meant to work (looking at the code)

          – Anton Malyshev
          Mar 28 at 20:24






          Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.







          Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.



















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55386742%2ffailed-to-get-certificate-location-in-libcurl%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          SQL error code 1064 with creating Laravel foreign keysForeign key constraints: When to use ON UPDATE and ON DELETEDropping column with foreign key Laravel error: General error: 1025 Error on renameLaravel SQL Can't create tableLaravel Migration foreign key errorLaravel php artisan migrate:refresh giving a syntax errorSQLSTATE[42S01]: Base table or view already exists or Base table or view already exists: 1050 Tableerror in migrating laravel file to xampp serverSyntax error or access violation: 1064:syntax to use near 'unsigned not null, modelName varchar(191) not null, title varchar(191) not nLaravel cannot create new table field in mysqlLaravel 5.7:Last migration creates table but is not registered in the migration table

          Image
          Does a multiclassed wizard start with a spellbook? Minimizing medical costs with HSA Boss has banned cycling to work because he thinks it's unsafe Is there a typical layout to blocking installed for backing in new construction framing? In the Seventh Seal why does Death let the chess game happen? Why has Novell never written its own boot loader? Should I warn my boss I might take sick leave Why is the saxophone not common in classical repertoire? Is it possible to spoof an IP address to an exact number? Motorcyle Chain needs to be cleaned every time you lube it? Bypass with wrong cvv of debit card and getting OTP Do we have a much compact and generalized version of erase–remove idiom? how can i make this execution plan more efficient? Why did moving the mouse cursor cause Windows 95 to run more quickly? What's the big deal about the Nazgûl losing their horses? Has chattel slavery ever been used as a criminal punishment in the USA since the passag...
          Read more

          용인 삼성생명 블루밍스 목차 통계 역대 감독 선수단 응원단 경기장 같이 보기 외부 링크 둘러보기 메뉴samsungblueminx.comeh선수 명단용인 삼성생명 블루밍스용인 삼성생명 블루밍스ehsamsungblueminx.comeheheheh

          Image
          수원 삼성생명 비추미광주 신세계 쿨캣수원 삼성생명 비추미안산 신한은행 에스버드안산 신한은행 에스버드안산 신한은행 에스버드춘천 우리은행 한새춘천 우리은행 한새춘천 우리은행 한새춘천 우리은행 한새아산 우리은행 위비아산 우리은행 위비청주 KB 스타즈 한국 여자 농구 연맹 팀1977년 설립...
          Read more

          155 수학 과학 기타 둘러보기 메뉴eh추가해eh문서를 완성해

          Image
          0123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369...
          Read more