rlm_rest / SSL one way and server certificate check

Mon Oct 24 16:40:34 CEST 2016

Yes, I'm on a RHEL.

I'm not using the default libcurl, though, but a more recent version which I built myself.

I didn't specify anything for NSS.
>From libcurl configure output I see that OpenSSL is used:

#define HAVE_LIBSSL 1
#define HAVE_OPENSSL_X509_H 1
#define USE_OPENSSL 1
#define HAVE_OPENSSL_CRYPTO_H 1
(etc.)

I also notice the "bundle" that libcurl sets as default:

#define CURL_CA_BUNDLE "/etc/pki/tls/certs/ca-bundle.crt"

-----Message d'origine-----
De : Freeradius-Users [mailto:freeradius-users-bounces+nicolas.chaigneau=capgemini.com at lists.freeradius.org] De la part de Adam Bishop
Envoyé : lundi 24 octobre 2016 16:04
À : freeradius-users at lists.freeradius.org
Objet : Re: rlm_rest / SSL one way and server certificate check

On Mon, 2016-10-24 at 13:53 +0000, Chaigneau, Nicolas wrote:
> So... is it supposed to work with CURLOPT_ISSUERCERT ?
> if so what am I doing wrong ?

Is this RHEL/CentOS? There's a  good chance libcurl is linked against NSS, which may be the cause.
--
Regards,

Adam Bishop

 gpg: 0x6609D460

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.  

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.