• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Certificate verification issue on Mac OS X 10.7.4
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate verification issue on Mac OS X 10.7.4

  • Subject: Re: Certificate verification issue on Mac OS X 10.7.4
  • From: Ken McLeod <email@hidden>
  • Date: Mon, 04 Jun 2012 11:29:43 -0700
Are you behind an authenticated proxy or some portal that might not permit a connection to Thawte's OCSP server?

To answer your question: yes, changes were made in 10.7.4 which made certificate validation less tolerant of OCSP errors. (As a test, open the Keychain Access application, select Preferences > Certificates, and change the settings from Best Attempt to Off. If your application now works, then this was the issue, and we're investigating the fix.)

-ken


On Jun 04 2012 11:04 PM, Arjun SM wrote:
> Hi all,
>
> I have a small application which does a HTTPS post to a web server. I use a
> libcurl to achieve this task and everything was fine until there was an Mac
> Os X 10.7.4 update.
>
> For some reason, when ever I try to make a  connection to my web server
> cURL returns with an error *60 *
> *error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed*
>
> I have verified that my certificates are valid up-to year  2015. The
> certificates are issued by Thawte Premium Server CA authority.  I am unable
> to understand what problem is there on the certificate. One interesting
> thing is that,
> This error is only seen in *Mac OS X Lion 10.7.4* and not Lion 10.7.3 or on
> Snow Leopard or Leopard.
>
> Can any one please help to understand if there were any changes in the
> latest 10.7.4 update that has caused problems. Below is the sample cURL
> code that I use for making a SSL connection
>
> int main(void)
> {
>     CURL *curl;
>     CURLcode res;
>
>     curl = curl_easy_init();
>     if(curl)
>     {
>         curl_easy_setopt(curl, CURLOPT_TIMEOUT, 20);        // 20 seconds
> time limit
>         curl_easy_setopt(curl, CURLOPT_URL, "https://myWebserver.com";);
>         curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
>         res = curl_easy_perform(curl);
>
>         /* always cleanup */
>         curl_easy_cleanup(curl);
>     }
>     return 0;
> }
>
>
> thanks in advance
> ~Arjun

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Certificate verification issue on Mac OS X 10.7.4
      • From: Paolo Barbato <email@hidden>
References: 
 >Certificate verification issue on Mac OS X 10.7.4 (From: Arjun SM <email@hidden>)

  • Prev by Date: Certificate verification issue on Mac OS X 10.7.4
  • Next by Date: Re: Certificate verification issue on Mac OS X 10.7.4
  • Previous by thread: Certificate verification issue on Mac OS X 10.7.4
  • Next by thread: Re: Certificate verification issue on Mac OS X 10.7.4
  • Index(es):
    • Date
    • Thread