curl with certificates
#1
Hello,

in trying to get Git running on Irix, I am running into a little problem with certificates.
It seems to be using curl to do the https requests and it somehow does not see the certificates, so it is refusing to connect.

I installed curl 7.60 from http://contrib.irixnet.org/dual-mips3-mips4/
Running curl on an https connection fails with the following error:
curl: (60) SSL certificate problem: unable to get local issuer certificate

I have downloaded the most recent cacert.pem file from the curl website and put it in /usr/nekoware/certs and pointing to it with the cacert command-line option does make it work. It is just that with only capath specified or relying on the built-in path (/usr/nekoware/certs/) it fails. I also ran c_rehash and though I can see that it makes a symlink in /usr/nekoware/certs/ it does not help.

Does anyone know what I am doing wrong?
markh
Developer

Trade Count: (0)
Posts: 25
Threads: 4
Joined: Jan 2021
Location: The Netherlands
06-13-2022, 09:47 PM
#2
RE: curl with certificates
Set an env variable in your shell. What shell are you using?

I'm the system admin of this site. Private security technician, licensed locksmith, hack of a c developer and vintage computer enthusiast. 

https://contrib.irixnet.org/raion/ -- contributions and pieces that I'm working on currently. 

https://codeberg.org/SolusRaion -- Code repos I control

Technical problems should be sent my way.
Raion
Chief IRIX Officer

Trade Count: (9)
Posts: 4,240
Threads: 533
Joined: Nov 2017
Location: Eastern Virginia
06-14-2022, 02:18 AM
#3
RE: curl with certificates
Which env variable should I be setting? I am using tcsh.

Hmm, did some more digging and it seems that in order to use the directory /usr/nekoware/certs I need to split up the cacert.pem file into a file per certificate. I tested it with the ISRG Root X1 certificate which is needed by https://curl.se and then curl can connect fine.
I looked for a script to split the file and found https://stackoverflow.com/questions/2364...s#25316445 but the answers there don't seem to work on Irix or I am doing something wrong. I don't have a lot of experience with regular expressions, so I am not too sure what is wrong.
(This post was last modified: 06-14-2022, 10:08 PM by markh.)
markh
Developer

Trade Count: (0)
Posts: 25
Threads: 4
Joined: Jan 2021
Location: The Netherlands
06-14-2022, 09:11 PM
#4
RE: curl with certificates
I checked how HaikuOS was doing this as I have that easily available and they seem to have compiled curl with a cafile (pointing to cacert.pem) instead of using the capath as the nekoware version. Using the capath seems more elegant, so I had a look at splitting up the file.

I managed to make an awk script that worked for me to split up the cacert.pem file into individual pem files.
It is as follows:

Code:
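# A line of "====" underlines the certificate name, which is on the line before it
/\=\=\=\=/ {filename=prevline}{prevline=$0}
# Write each BEGIN..END block to "<name>.pem"
/BEGIN CERTIFICATE/, /END CERTIFICATE/ {print > (filename ".pem")}
# close() is a function; close the file that was actually written
/END CERTIFICATE/ {close(filename ".pem")}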

You can save it in a file (for example split_certificates.awk) and then execute it with "awk -f split_certificates.awk cacert.pem". It will create a lot of pem files with the names set to the issuer. You can then copy those (excluding cacert.pem) to the /usr/nekoware/certs directory and run c_rehash (do both steps with a user that has rights to write to the folder).
Curl should then be able to access any https site with a valid certificate (assuming the root certificate was in the cacert.pem file).

This fixed my problem with Git and I can now clone a project, though I have only done a little bit of testing so far.
markh
Developer

Trade Count: (0)
Posts: 25
Threads: 4
Joined: Jan 2021
Location: The Netherlands
06-24-2022, 10:55 PM
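
An added example, not part of the posts above: a POSIX sh variant of the bundle split that goes a little further, turning each certificate name into a filename-safe string, prefixing a running index so equal names cannot overwrite each other, and failing when the bundle contains a block with no END line (for instance a truncated download). The function names `split_bundle` and `write_sample_bundle`, the `NNN_name.pem` naming scheme and the sample bundle are assumptions made for this example.

```shell
#!/bin/sh
# split_bundle BUNDLE OUTDIR: write one .pem file per certificate, as an
# OpenSSL CApath directory needs. Prints the number of complete certificates
# written and fails if the bundle holds a block without its END line.
split_bundle() {
    mkdir -p "$2" || return 1
    expected=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1")
    written=$(awk -v dir="$2" '
        /^====/ { name = prev }   # the name is the line above the underline
        { prev = $0 }
        /-----BEGIN CERTIFICATE-----/ {
            base = name
            # Filename-safe characters only: no spaces, slashes or quotes.
            gsub(/[^A-Za-z0-9._-]/, "_", base)
            # The running index keeps equal names from overwriting each other.
            file = sprintf("%s/%03d_%s.pem", dir, ++idx, base)
            inside = 1
        }
        inside { print > file }
        /-----END CERTIFICATE-----/ && inside { close(file); inside = 0; complete++ }
        END { print complete + 0 }
    ' "$1")
    echo "$written"
    [ "$written" -eq "$expected" ]
}

# Constructed sample in the cacert.pem layout; the bodies are placeholders,
# not real certificates.
write_sample_bundle() {
    cat > "$1" <<'EOF'
## Constructed sample bundle

Example Root CA / G1
====================
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQx
-----END CERTIFICATE-----

Example Trust Services
======================
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQy
-----END CERTIFICATE-----
EOF
}
```

With a real bundle, call `split_bundle cacert.pem outdir`, then copy the resulting files into the CApath directory and run c_rehash there, as in the post above.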