Get using https problem

[pvaziri]

Hi,

I'm using Revolution Enterprise v2.8.1-dp-4, Build 410. I'm trying to get some XML text using an https:// link. I also obtained the same result after updating liburl to 1.1.2.

Here is the code:

get url test

test contains

https://images.pictometry.com/portal/?...various parameters

I know the url is OK since it works on Firefox.

The result is:

error -Error with certificate at depth: 0 issuer = /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1 subject = /C=US/O=images.pictometry.com/OU=businessprofile.geotrust.com/get.jsp?3110659382/OU=See www.geotrust.com/resources/cps (c)06/OU=Domain Control Validated - QuickSSL(R)/CN=images.pictometry.com err 20:unable to get local issuer certificate

Is this a bug or something server site-specific?

Thanks,
Pete

[BvG]

As you are using a https url, youu are using ssl. The result shows that this is something ssl specific. Unfortunately I have not much experience with https and ssl, and can't tell you what to do to solve your problem.

Maybe if you check "the sslcertificates", and the $REV_SSL_PATH global (if you're not on mac os), you will find out what the problem could be. Also note that "the Result" may contain something else and more informative then the URL returned.

[pvaziri]

Thanks BvG. Does anyone out there have an example of what would be put into the sslcertificates property? I'm on Mac OSX.

I'm not familiar with what "a list of root CA" is.

Thanks,
Pete

[Mark Smith]

Thanks BvG. Does anyone out there have an example of what would be put into the sslcertificates property? I'm on Mac OSX.

I'm not familiar with what "a list of root CA" is.

Thanks,
Pete

I'm on OS X, so I chose the cert that curl uses. On my machine:
/usr/share/curl/curl-ca-bundle.crt

If you're on Windows/Linux, then maybe you could try to find out what Firefox/IE are using...

Best,

Mark

[pvaziri]

Thanks for your help Mark.

I could put "/usr/share/curl/curl-ca-bundle.crt" into the $REV_SSL_PATH variable and see that it was set in the Variable Watcher. I also tried reading curl-ca-bundle.crt and putting it into the sslcertificates property, but no dice. It does not appear to be a writable property, even though it is summarized as "You can specify a list of root CA to verify against using the sslcertificates property".

I also tried just a list of one item named "Equifax Secure Global eBusiness CA-1" into sslcertificates, but again writing this to sslcertificates also failed.

So I'm still stuck. Do you or does someone have an example of when sslcertificates was populated and the https request was executed successfully?

Thanks,
Pete

[Mark Smith]

Pete, you just need to set the sslCertificates property to the path to the cert, rather than the content of the cert.

Code: Select all

set the sslCertificates to "/usr/share/curl/curl-ca-bundle.crt"

This is what has worked for me.

I should also point out that both Dave Cragg (maintainer of revs libUrl) and I found that timeouts are frequent when using https connections in Rev, see

http://quality.runrev.com/qacenter/show_bug.cgi?id=3639

Best,

Mark