kicad-developers team mailing list archive

[Brian Sidebotham <brian.sidebotham@xxxxxxxxx>]

Please don't simply disable SSL verification - this is really only
useful for self-signed certs.

Instead, use something along the lines of

    curl_easy_setopt( curl, CURLOPT_CAINFO, "ca-bundle.crt");

This is a Windows-specific problem, so I would ifdef that setting and
package the ca-bundle.crt in the windows installer.

You can get up-to-date certificate bundles from:
http://curl.haxx.se/docs/caextract.html

Best Regards,

Brian.


On 4 December 2015 at 08:46, jp charras <jp.charras@xxxxxxxxxx> wrote:
> Le 03/12/2015 21:36, Mark Roszko a écrit :
>> Is it the same exact request failed message after "Curl request
>> failed"? i.e. CA Cert permissions?
>
> Yes.
> I rebuilt Kicad with your last patch, with no warning, but  I still have
> the CA Cert issue.
>
>>
>>
>> Can you try to pacman the curl packages to reinstall them just in case?
>
> I rebuilt Kicad with an updated msys2 install, and still have the CA
> Cert issue.
>
> To avoid this issue, I added the option:
>     curl_easy_setopt( m_CURL, CURLOPT_SSL_VERIFYPEER, 0L );
> in KICAD_CURL_EASY ctor to avoid Cert issue, and Kicad works OK.
>
> I am not sure verifying a certificate is mandatory just to download some
> ASCII files from our server.
>
>>
>> On Thu, Dec 3, 2015 at 2:38 PM, jp charras <jp.charras@xxxxxxxxxx> wrote:
>>> Le 03/12/2015 18:33, Mark Roszko a écrit :
>>>> Ah yes I was planning on fixing that warning, its silly noise.
>>>>
>>>>
>>>>
>>>> That cacert problem is interesting, though generally troubleshootable
>>>>
>>>> It generally looks for a "cacert" file in the program's folder and
>>>> then PATH unless we specify it explicitly (usually no point as Linux
>>>> has it as a system package)
>>>> In a Windows distribution of kicad we would just have to copy cacert
>>>> to the kicad bin which is fine.
>>>>
>>>> You can try
>>>> pacman -S ca-certificates
>>>> or
>>>> pacman -S mingw-w64-x86_64-ca-certificates
>>>>
>>>> (since I get confused by the package paths and ugh it gets confusing
>>>> between shells).
>>>>
>>>>
>>>> Are you able to invoke a curl HTTPS connection in the shell?
>>>> curl https://www.google.com
>>>>
>>>
>>> Thanks for your help.
>>>
>>> I can now invoke a curl https connection, after re-installing
>>> ca-certificates (the initial installed file was empty, and curl did not
>>> work when running "curl https://www.google.com";).
>>>
>>> For instance I can download the github data from command:
>>> curl https://api.github.com/orgs/KiCad/repos
>>>
>>> Unfortunately, I still have the "CURL Request Failed" issue when running
>>> pcbnew (the certificate file ca-bundle.crt coming from ca-certificates
>>> re-install is also copied from mingw32 in PATH)
>>>
>>> --
>>> Jean-Pierre CHARRAS
>>
>>
>>
>
>
> --
> Jean-Pierre CHARRAS
>
> _______________________________________________
> Mailing list: https://launchpad.net/~kicad-developers
> Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~kicad-developers
> More help   : https://help.launchpad.net/ListHelp