I encounter error. "SSL: Can't load the certificate" #6

Open
carlhung opened this issue Apr 23, 2017 · 14 comments

@carlhung

carlhung commented Apr 23, 2017

I followed the steps in the README. Installed successfully:

    brew reinstall curl --with-openssl --with-nghttp2
    brew link curl --force

I went to my developer account, generated an APN-development certificate and downloaded the certificate in cer format. Double-clicked to import it into "keychain" and exported a file in p12 format. No password set. Typed the commands:

    openssl pkcs12 -in certificate.p12 -out newfile.crt.pem -clcerts -nokeys
    openssl pkcs12 -in certificate.p12 -out newfile.key.pem -nocerts -nodes

to generate the newfile.crt.pem and newfile.key.pem files. While using this library I got the error:

    * Trying 17.188.138.73...
    * TCP_NODELAY set
    * Connected to api.development.push.apple.com (17.188.138.73) port 443 (#0)
    * WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure Transport. The private key must be in the Keychain.
    * WARNING: SSL: The Security framework only supports loading identities that are in PKCS#12 format.
    * SSL: Can't load the certificate "/Users/Carl/Documents/swift/time/pem/newfile.crt.pem" and its private key: OSStatus -25299
    * Curl_http_done: called premature == 0
    * Closing connection 0
    ret = CURLcode(rawValue: 58)
    Problem with the local SSL certificate

I use an application called "APN tester", and my certificate worked fine. I got the post message using the tester.

How can I fix it? Thanks.

@matteocrippa
Member

@carlhung can you check that you are running the patched version of curl first?
Otherwise you have to check the path of the file: if you run ls /Users/Carl/Documents/swift/time/pem/newfile.crt.pem, what shows up?

@carlhung
Author

What do you mean by patched version? I guess it is. I searched a bit.

    curl --version
    curl 7.51.0 (x86_64-apple-darwin16.0) libcurl/7.51.0 SecureTransport zlib/1.2.8
    Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
    Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets

@carlhung
Author

And what do you mean by what shows up on the path?

@carlhung
Author

I guess ccurl is using the Mac version one.

@matteocrippa
Member

I mean the one with http2 support; the default one has none. Looking at the version, it seems not.
Also, if you open the terminal and write this line:

    ls /Users/Carl/Documents/swift/time/pem/newfile.crt.pem

what's the response on screen?

@carlhung
Author

The file path on the screen.

@matteocrippa
Member

OK, so the file exists. In the Swift file, how do you set that path? Absolute or relative? Feel free to share the snippet.

@carlhung
Author

    let push = APNS.init(withCerts:
        APNSCertificate(certPath: "/Users/Carl/Documents/swift/time/pem/newfile.crt.pem",
                        keyPath: "/Users/Carl/Documents/swift/time/pem/newfile.key.pem"
        )
    )

I think it should be correct, as I put a wrong path to try what error would show up.

@matteocrippa
Member

matteocrippa commented Apr 23, 2017

I do confirm you're not using the right curl. This is the right one:

    ~  curl --version
    curl 7.54.0 (x86_64-apple-darwin16.5.0) libcurl/7.54.0 OpenSSL/1.0.2k zlib/1.2.8 nghttp2/1.21.1
    Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
    Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy

Please check and try this command again:

    brew link curl --force

@carlhung
Author

carlhung commented Apr 23, 2017

Yes, I saw that. It is strange actually; I am also fixing the link.
Earlier I did follow the command to install. It wasn't SecureTransport zlib/1.2.8; instead, it was openssl.
But when I rebooted my Mac, it is back to SecureTransport zlib/1.2.8 now.

@carlhung
Author

I googled earlier today, as SecureTransport can't be used by curl.

@carlhung
Author

OK, it happens again.
Same error message.

    curl --version
    curl 7.54.0 (x86_64-apple-darwin16.5.0) libcurl/7.54.0 OpenSSL/1.0.2k zlib/1.2.8 nghttp2/1.21.1
    Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
    Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy

@matteocrippa
Member

Mhhh, sounds strange. Try to add the two certificates to the keychain, but dunno if that helps.

@carlhung
Author

found that
https://docwhat.org/el-capitan-and-the-evils-of-openssl/
"openssl may fall back to using OpenSSL if the environment variable SSL_CERT_FILE is set."
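
Added example (not part of the thread or the project's code): the check the maintainer does by eye on `curl --version`, written as shell functions and run over the two banners quoted in the thread; the function names are hypothetical. It describes only the `curl` binary on PATH. The libcurl a Swift process loads can differ, and the "ignored by Secure Transport" warnings in the first post are the direct evidence for that process.

```shell
#!/bin/sh
# Banners copied from the thread (Protocols line omitted for brevity).
SYSTEM_BANNER='curl 7.51.0 (x86_64-apple-darwin16.0) libcurl/7.51.0 SecureTransport zlib/1.2.8
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets'
PATCHED_BANNER='curl 7.54.0 (x86_64-apple-darwin16.5.0) libcurl/7.54.0 OpenSSL/1.0.2k zlib/1.2.8 nghttp2/1.21.1
Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy'

# tls_backend BANNER: print the TLS library named on the banner's first line.
tls_backend() {
    first=$(printf '%s\n' "$1" | head -n 1)
    case "$first" in
        *SecureTransport*) echo securetransport ;;
        *OpenSSL/*)        echo openssl ;;
        *)                 echo unknown ;;
    esac
}

# has_feature BANNER NAME: succeed if NAME is an exact token on the Features: line.
has_feature() {
    printf '%s\n' "$1" | grep '^Features:' | tr ' ' '\n' | grep -qx "$2"
}

# apns_ready BANNER: print "ok", or the first reason this build cannot be used
# with a separate PEM certificate and key file over HTTP/2.
apns_ready() {
    backend=$(tls_backend "$1")
    # Per the log in the first post, Secure Transport ignores CURLOPT_SSLKEY
    # and only loads PKCS#12 identities, so a PEM key file is not picked up.
    if [ "$backend" != openssl ]; then
        echo "tls-backend:$backend"
        return 1
    fi
    # The maintainer also asks for the build "with http2 support".
    if ! has_feature "$1" HTTP2; then
        echo "no-http2"
        return 1
    fi
    echo ok
}

for banner in "$SYSTEM_BANNER" "$PATCHED_BANNER"; do
    name=$(printf '%s\n' "$banner" | head -n 1 | cut -d' ' -f1-2)
    printf '%s -> %s\n' "$name" "$(apns_ready "$banner" || true)"
done
# To check the curl currently on PATH: apns_ready "$(curl --version)"
```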
