C ++ and cUrl: how to get SSL error codes

Question

C ++ and cUrl: how to get SSL error codes

I am establishing a connection to a secure server over SSL. Everything works fine, my CAcertificate is used well via

retCode=curl_easy_setopt(handleCurl, CURLOPT_CAINFO, sSSLCertificate);
retCode=curl_easy_setopt(handleCurl, CURLOPT_SSL_VERIFYPEER, 1);

I get stuck trying to deal with errors. Basically I want to be able to get notified when an SSL problem occurs (wrong cacert.pem, server identity not verified, etc.).

Nothing happens when CURLOPT_CAINFO receives an empty CAcert, retCode is fine.

I tried to get information after request with this:

res = curl_easy_getinfo(m_pHandleCurl, CURLINFO_SSL_VERIFYRESULT, &lSSLVerifyResult);

But he always tells me that infinity is okay.

What am I missing?

+1

c ++ curl ssl error-handling

Sicha 18 jan. 12 at 15:28

source to share

1 answer

bronekk · Accepted Answer · 2012-01-18T16:00:22+0000

Add to your connection setup code:

// Make sure this is NOT a stack variable! The buffer
// must be available through whole live of the connection
char buffer[CURL_ERROR_SIZE+1] = {};

retCode=curl_easy_setopt(handleCurl, CURLOPT_ERRORBUFFER, buffer);

then when your connection has ended check what's in the buffer - you should also be able to see some hints regarding the SSL status. It will not be empty if no error occurs.

If you want the actual code, the numeric value is CURLcode

always returned curl_easy_perform

for convenient handling.

If you are using multiple descriptors use curl_multi_info_read

. Here's an example:

int u = 0;
if (CURLM_OK == curl_multi_perform(multi_, &u))
{
  int q = 0;
  CURLMsg *msg = NULL;
  while ((msg = curl_multi_info_read(multi_, &q)) != NULL)
  {
    if (msg->msg == CURLMSG_DONE)
    {
      CURL* easy = msg->easy_handle;
      CURLcode code = msg->data.result;
      // . . .
    }
  }
}

C ++ and cUrl: how to get SSL error codes

More articles: