Topic: [SOLVED] can't load ca file, Please run from wolfSSL home dir

Ultimately I want to get an existing application using libcurl to use a libcurl linked with wolfSSL (on a PowerPC device). The curl command line utility was giving me an error 77. I did see http://www.yassl.com/forums/topic702-ca … ation.html, and I think I should be avoiding the problems there.

At the moment, I am trying to get the wolfSSL example client on my build machine (ubuntu trusty) to connect to a server and verify its certificate, but it seems I can't get the client to load any certificate bundle.

csg@ubuntu:/opt/external/wolfssl$ ./examples/client/.libs/client -x -h yahoo.com -p 443 -A /etc/ssl/certs/ca-certificates.crt 
wolfSSL error: can't load ca file, Please run from wolfSSL home dir

I am running this from the wolfSSL home directory. I have tried it with and without the -A option.

If I disable peer verification using -d, the client connects fine.

Here is my configure line:

./configure \
--prefix=/usr/local \
--enable-opensslextra \
--enable-aesgcm \
--enable-sha512 \
--enable-dh \
--enable-dsa \
--enable-ecc \
--enable-sni \
--enable-fastmath \
--enable-sessioncerts \
--enable-certgen \
--enable-testcert \
C_EXTRA_FLAGS="-DFP_MAX_BITS=16384 -DTFM_TIMING_RESISTANT"

Can anyone suggest troubleshooting steps to zero in on the problem? Thanks.

Share

Re: [SOLVED] can't load ca file, Please run from wolfSSL home dir

I got it working, after much mucking about. It turned out that I had an expired cert in my bundle.

I also fixed some asm errors with --without-pic in my configure line.

The example client and the curl command-line tool now connect successfully with verification enabled.

Share

Re: [SOLVED] can't load ca file, Please run from wolfSSL home dir

Hi csg,

Glad you were able to get this working. If you have any other questions please contact us whenever. Sorry we missed helping you out on this one!

Kind Regards,

Kaleb