From: Dimi Tomov <dimi@tpm.dev>
To: Baruch Siach <baruch@tkos.co.il>, Martin Bark <martin@barkynet.com>
Cc: Buildroot <buildroot@buildroot.org>
Subject: Re: [Buildroot] libcurl ignores default buildroot CA bundle
Date: Sun, 05 Jun 2022 13:04:44 +0300
Message-ID: <30bf207a13340e40cf083e6721d71460@tpm.dev>
In-Reply-To: <d39ac782ff917689120b241a052b11cc@tpm.dev>

make libcurl-dirclean forced a rebuild with wolfssl as the crypto
backend, however --with-ca-path does not work. Error below:

checking default CA cert bundle/path... configure: error: --with-ca-path only works with OpenSSL, GnuTLS or mbedTLS

How to enable buildroot CA bundle for libcurl when using wolfssl?

Thanks,

Dimi

On 2022-06-05 11:32 AM, Dimi Tomov wrote:
> I think I found another issue:
>
> $make libcurl-reconfigure does not change the cryptographic provider
> for curl.
>
> I change the option using make menuconfig and I see it reflected in my
> buildroot config.
>
> ps: about curl w/ openssl, my board had its date set to May instead of
> June and this was the issue.
>
> Thanks,
>
> Dimi
>
> On 2022-06-05 11:16 AM, Dimi Tomov wrote:
>> I forgot to mention that I have updated the system clock using date &
>> hwclock -wu and the issue with libcurl and ca-certificates packages
>> persists.
>>
>> On 2022-06-05 10:24 AM, Dimi Tomov wrote:
>>> Hello Martin and Baruch,
>>>
>>> Issue persists after building my buildroot image with libcurl and
>>> openssl as a cryptographic provider, ca-certificates package installed
>>> properly and in default location. Error message only changed a bit:
>>>
>>> # curl https://google.com
>>> curl: (60) SSL certificate problem: certificate is not yet valid
>>> More details here: https://curl.se/docs/sslcerts.html
>>>
>>> curl failed to verify the legitimacy of the server and therefore could not
>>> establish a secure connection to it. To learn more about this situation and
>>> how to fix it, please visit the web page mentioned above.
>>>
>>> ^the above page mentions that a CA bundle is missing.
>>>
>>> However, /etc/ssl/certs is deployed properly by the buildroot make and
>>> sdcard image.
>>>
>>> Any ideas?
>>>
>>> Thanks,
>>>
>>> Dimi
>>>
>>> --
>>> Founder of TPM.dev
>>>
>>> On 2022-06-04 09:16 PM, Dimi Tomov wrote:
>>>> Hello Baruch,
>>>>
>>>> I may have found an issue with the libcurl package.
>>>>
>>>> The libcurl.mk file lacks CA path when built with wolfssl instead of
>>>> openssl.
>>>>
>>>> ifeq ($(BR2_PACKAGE_LIBCURL_WOLFSSL),y)
>>>> LIBCURL_CONF_OPTS += --with-wolfssl=$(STAGING_DIR)/usr
>>>> LIBCURL_DEPENDENCIES += wolfssl
>>>> else
>>>> LIBCURL_CONF_OPTS += --without-wolfssl
>>>> endif
>>>>
>>>> I tried adding LIBCURL_CONF_OPTS += --with-ca-path=/etc/ssl/certs in
>>>> the above if case and rebuild, but this did not solve the issue. Could
>>>> you please take a look?
>>>>
>>>> Thanks,
>>>>
>>>> Dimi
>>>>
>>>> On 2022-06-04 07:43 PM, Dimi Tomov wrote:
>>>>> Hello Buildroot community,
>>>>>
>>>>> I have a STM32MP1 target and my buildroot image has both the curl and
>>>>> ca-certificates package installed. However, curl fails to authenticate
>>>>> any https requests:
>>>>>
>>>>>
>>>>> # curl https://google.com
>>>>>
>>>>> curl: (77) CA signer not available for verification
>>>>>
>>>>>
>>>>> Do I need to do some extra buildroot configuration for libcurl to use
>>>>> the CA bundle in /etc/ssl/certs?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Dimi Tomov
>>>>> --
>>>>> Founder of TPM.dev
>>>>> _______________________________________________
>>>>> buildroot mailing list
>>>>> buildroot@buildroot.org
>>>>> https://lists.buildroot.org/mailman/listinfo/buildroot
--
Founder of TPM.dev
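
Added example, not part of the original message and not Buildroot's own code: a target-side check for the two failures seen in this thread, curl (77) with no usable CA store and curl (60) with a clock set in the past. The function names are hypothetical, and the bundle path /etc/ssl/certs/ca-certificates.crt and the use of /etc/os-release as a build-time stamp are assumptions.

```sh
#!/bin/sh
# Added diagnostic sketch, not code from the thread. Function names are
# hypothetical; BUNDLE and STAMP are assumed paths, adjust for your image.
BUNDLE=/etc/ssl/certs/ca-certificates.crt   # assumed single-file CA bundle
STAMP=/etc/os-release                       # assumed to carry the build time

# tls_backend TEXT: name the TLS library from the first line of `curl -V`.
tls_backend() {
    case "$1" in
        *wolfSSL*) echo wolfssl ;;
        *OpenSSL*) echo openssl ;;
        *GnuTLS*)  echo gnutls ;;
        *mbedTLS*) echo mbedtls ;;
        *)         echo unknown ;;
    esac
}

# count_certs FILE: number of PEM certificates in FILE, 0 if unreadable.
count_certs() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# diagnose BACKEND NCERTS NOW REF: map the state to the likely curl failure.
# NOW and REF are epoch seconds; REF is a time known to be in the past.
diagnose() {
    if [ "$3" -lt "$4" ]; then
        echo "clock-behind: expect curl (60) certificate is not yet valid"
    elif [ "$2" -eq 0 ]; then
        echo "bundle-missing: no CA certificates readable"
    elif [ "$1" = wolfssl ]; then
        echo "wolfssl: no CA directory default, pass the bundle file explicitly"
    else
        echo "ok: $1 with $2 CA certificates"
    fi
}

# On the target: sh check-ca.sh --run
if [ "${1:-}" = "--run" ]; then
    diagnose "$(tls_backend "$(curl -V | head -n 1)")" \
             "$(count_certs "$BUNDLE")" \
             "$(date +%s)" "$(date -r "$STAMP" +%s)"
fi
```

When the result is the wolfssl case, curl --cacert with the bundle file is a way to confirm that the certificates themselves verify before changing the build.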