Re: Certificate verification issue on Mac OS X 10.7.4
Re: Certificate verification issue on Mac OS X 10.7.4
- Subject: Re: Certificate verification issue on Mac OS X 10.7.4
- From: Arjun SM <email@hidden>
- Date: Tue, 05 Jun 2012 01:04:02 +0530
I am pretty sure that I was not behind a proxy or any other portal. I have performed that test by navigating to Keychain Access Application and change the settings but without any LUCK.
Should I to change the way I use libCurl API's to resolve this problem
thanks,
~Arjun
On Tue, Jun 5, 2012 at 12:45 AM, Paolo Barbato
<email@hidden> wrote:
I confim such behavior in 10.7.4, and also agree on your suggestion to modify keychain configuration.
In my lab I use squid + authentication, and workaround for all safari users, is to bypass auth when OCSP verification is attempted.
Sure is a bug...wait for further investigation by Apple ... and a fix.
Regards,
Paolo.
Il giorno 04/giu/2012, alle ore 20.29, Ken McLeod ha scritto:
Are you behind an authenticated proxy or some portal that might not permit a connection to Thawte's OCSP server?
To answer your question: yes, changes were made in 10.7.4 which made certificate validation less tolerant of OCSP errors. (As a test, open the Keychain Access application, select Preferences > Certificates, and change the settings from Best Attempt to Off. If your application now works, then this was the issue, and we're investigating the fix.)
-ken
On Jun 04 2012 11:04 PM, Arjun SM wrote:
Hi all,
I have a small application which does a HTTPS post to a web server. I use a
libcurl to achieve this task and everything was fine until there was an Mac
Os X 10.7.4 update.
For some reason, when ever I try to make a connection to my web server
cURL returns with an error *60 *
*error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed*
I have verified that my certificates are valid up-to year 2015. The
certificates are issued by Thawte Premium Server CA authority. I am unable
to understand what problem is there on the certificate. One interesting
thing is that,
This error is only seen in *Mac OS X Lion 10.7.4* and not Lion 10.7.3 or on
Snow Leopard or Leopard.
Can any one please help to understand if there were any changes in the
latest 10.7.4 update that has caused problems. Below is the sample cURL
code that I use for making a SSL connection
int main(void)
{
CURL *curl;
CURLcode res;
curl = curl_easy_init();
if(curl)
{
curl_easy_setopt(curl, CURLOPT_TIMEOUT, 20); // 20 seconds
time limit
curl_easy_setopt(curl, CURLOPT_URL, "https://myWebserver.com");
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
res = curl_easy_perform(curl);
/* always cleanup */
curl_easy_cleanup(curl);
}
return 0;
}
thanks in advance
~Arjun
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (
email@hidden)
This email sent to
email@hidden
------------------------------------------------------------------------------------------------
Paolo Barbato
corso Stati Uniti,4
35127 Padova - Italy
------------------------------------------------------------------------------------------------
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden