From: Dimi Tomov <dimi@tpm.dev>
To: Baruch Siach <baruch@tkos.co.il>, Martin Bark <martin@barkynet.com>
Cc: Buildroot <buildroot@buildroot.org>
Subject: Re: [Buildroot] libcurl ignores default buildroot CA bundle
Date: Sun, 05 Jun 2022 11:16:34 +0300 [thread overview]
Message-ID: <1ab54b30b3c2de10bcdeaa57f69c478b@tpm.dev> (raw)
In-Reply-To: <cefa8f258208ca9c1335d03895508b16@tpm.dev>
I forgot to mention that I have updated the system clock using data &
hwclock -wu and the issue with libcurl and ca-certificates packages
persists.
On 2022-06-05 10:24 AM, Dimi Tomov wrote:
> Hell Martin and Baruch,
>
> Issue persist after building my buildroot image with libcurl and
> openssl as a cryptographic provider, ca-certificates package installed
> properly and in default location. Error message only changed a bit:
>
> # curl https://google.com
> curl: (60) SSL certificate problem: certificate is not yet valid
> More details here: https://curl.se/docs/sslcerts.html
>
> curl failed to verify the legitimacy of the server and therefore could
> not
> establish a secure connection to it. To learn more about this situation
> and
> how to fix it, please visit the web page mentioned above.
>
> ^the above page mentions that a CA bundle is missing.
>
> However, /etc/ssl/certs is deployed properly by the buildroot make and
> sdcard image.
>
> Any ideas?
>
> Thanks,
>
> Dimi
>
> --
> Founder of TPM.dev
>
> On 2022-06-04 09:16 PM, Dimi Tomov wrote:
>> Hello Baruch,
>>
>> I may have found an issue with the libcurl package.
>>
>> The libcurl.mk file lacks CA path when built with wolfssl instead of
>> openssl.
>>
>> ifeq ($(BR2_PACKAGE_LIBCURL_WOLFSSL),y)
>> LIBCURL_CONF_OPTS += --with-wolfssl=$(STAGING_DIR)/usr
>> LIBCURL_DEPENDENCIES += wolfssl
>> else
>> LIBCURL_CONF_OPTS += --without-wolfssl
>> endif
>>
>> I tried adding LIBCURL_CONF_OPTS += --with-ca-path=/etc/ssl/certs in
>> the above if case and rebuild, but this did not solve the issue. Could
>> you please take a look?
>>
>> Thanks,
>>
>> Dimi
>>
>> On 2022-06-04 07:43 PM, Dimi Tomov wrote:
>>> Hello Buildroot community,
>>>
>>> I have a STM32MP1 target and my buildroot image has both the curl and
>>> ca-certificates package installed. However, curl fails to
>>> authenticate
>>> any https requests:
>>>
>>>
>>> # curl https://google.com
>>>
>>> curl: (77) CA signer not available for verification
>>>
>>>
>>> Do I need to do some extra buildroot configuration for libcurl to use
>>> the CA bundle in /etc/ssl/certs?
>>>
>>> Thanks,
>>>
>>> Dimi Tomov
>>> --
>>> Founder of TPM.dev
>>> _______________________________________________
>>> buildroot mailing list
>>> buildroot@buildroot.org
>>> https://lists.buildroot.org/mailman/listinfo/buildroot
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
Founder of TPM.dev
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2022-06-05 8:16 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-04 16:43 [Buildroot] libcurl ignores default buildroot CA bundle Dimi Tomov
2022-06-04 18:16 ` Dimi Tomov
2022-06-05 7:24 ` Dimi Tomov
2022-06-05 8:16 ` Dimi Tomov [this message]
2022-06-05 8:32 ` Dimi Tomov
2022-06-05 10:04 ` Dimi Tomov
2022-06-05 12:49 ` Dimi Tomov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1ab54b30b3c2de10bcdeaa57f69c478b@tpm.dev \
--to=dimi@tpm.dev \
--cc=baruch@tkos.co.il \
--cc=buildroot@buildroot.org \
--cc=martin@barkynet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.