yifeikong/curl-impersonate

Is the x86_64-win32 libcurl release compiled with ca-cert-bundle?

matt1309 opened this issue · 1 comments

Hi Folks,

Want to start by saying love the project (only just discovered but very cool how you've opened up the curl impersonate even further to make on the fly customization even easier).

I'm having issues with certificate errors.

Is this because the files in the releases section were built without a cert bundle, or is it likely a misconfiguration on my end?
I wasn't sure if I maybe needed to add "-lboringssl" to my linker settings on compilation (testing using Windows mingw64 with VS Code).

Error: 0x23e6c979530SSL peer certificate or SSH remote key was not OK

(This solves it but feels like it defeats the purpose: curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); )

Edit: the below is a rough outline of what I'm using in my program. I have other code around it, but I believe these are the only curl impersonate relevant parts.

void chrome::init()
{
    if (ready == false)
    {
#ifdef _WIN32
        HMODULE curlLib = LoadLibraryW(L"libcurl.dll");
#else
        void *curlLib = dlopen("chrome/libcurl.so", RTLD_NOW | RTLD_GLOBAL);
#endif
        if (curlLib)
        {
            using CurlEasyInit = CURL *(*)();
#ifdef _WIN32
            CurlEasyInit curlEasyInit = (CurlEasyInit)GetProcAddress(curlLib, "curl_easy_init");
#else
            CurlEasyInit curlEasyInit = (CurlEasyInit)dlsym(curlLib, "curl_easy_init");
#endif
            if (curlEasyInit)
            {
                curl = curlEasyInit();
                ready = (curl != nullptr);
            }
        }
    }
}

std::pair<std::string, std::string> chrome::runCurl(const std::string& url, const std::string& method, const std::string& requestData, bool firstrun, long timeout)
{
    std::string responseData;
    std::string error;

    // Initialize libcurl if not already initialized
    if (!curl)
    {
        curl = curl_easy_init();
    }

    if (curl)
    {
        // Set URL
        std::cout << url << std::endl;
        curl_easy_setopt(curl, CURLOPT_URL, url.c_str());

        // Set method (GET or POST)
        if (method == "POST")
        {
            curl_easy_setopt(curl, CURLOPT_POST, 1L);

            if (!requestData.empty())
            {
                curl_easy_setopt(curl, CURLOPT_POSTFIELDS, requestData.c_str());
            }
        }
        else if (method != "GET")
        {
            error = "Invalid method. Only GET and POST supported.";
            // Keep the same (error, response) order as the final return
            return std::make_pair(error, responseData);
        }

        // Set data callback function
        curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteCallback);
        curl_easy_setopt(curl, CURLOPT_WRITEDATA, &responseData);

        curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);

        // Perform the request
        CURLcode res = curl_easy_perform(curl);

        if (res != CURLE_OK)
        {
            if (res == CURLE_OPERATION_TIMEDOUT)
            {
                error = "Timeout error";
            }
            else
            {
                error = curl_easy_strerror(res);
            }
        }
        else
        {
            error = "Ok";
        }
    }
    else
    {
        error = "Failed to initialize libcurl.";
    }

    std::cout << error << std::endl;
    std::cout << responseData << std::endl;

    return std::make_pair(error, responseData);
}

size_t chrome::WriteCallback(void *contents, size_t size, size_t nmemb, std::string *data)
{
    size_t totalSize = size * nmemb;
    data->append(static_cast<char *>(contents), totalSize);
    return totalSize;
}

The binaries for Windows are built with the build.sh script. I think the boringssl lib should be bundled with this line:

export OPENSSL_LIBS='-lssl -lcrypto'

My only use case is to bundle the libcurl.dll inside the curl_cffi package, in which I always explicitly set the cert path provided by the certifi Python package. I guess you should probably set the cert path to the system's cert store or some pem file that you prepared for this.
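An added example, not code from the issue or from the curl-impersonate project: one way to act on the reply above by locating a PEM file to hand to CURLOPT_CAINFO and refusing to continue when none is usable, instead of turning CURLOPT_SSL_VERIFYPEER off. The environment variable names, the lookup order and the file name `cacert.pem` are assumptions of this example.

```cpp
#include <cstdio>
#include <cstdlib>
#include <fstream>
#include <string>
#include <vector>

// True if the file is readable and holds at least one complete PEM certificate.
bool looksLikePemBundle(const std::string &path)
{
    std::ifstream in(path.c_str());
    if (!in)
        return false;
    bool begun = false;
    for (std::string line; std::getline(in, line);)
    {
        if (line.rfind("-----BEGIN CERTIFICATE-----", 0) == 0)
            begun = true;
        else if (begun && line.rfind("-----END CERTIFICATE-----", 0) == 0)
            return true;
    }
    return false;
}

// Assumed lookup order: environment overrides first, then files the
// application ships itself. Returns "" when nothing usable is found.
std::string findCaBundle(const std::vector<std::string> &shipped)
{
    std::vector<std::string> candidates;
    for (const char *var : {"CURL_CA_BUNDLE", "SSL_CERT_FILE"})
        if (const char *value = std::getenv(var))
            candidates.push_back(value);
    candidates.insert(candidates.end(), shipped.begin(), shipped.end());
    for (const std::string &path : candidates)
        if (looksLikePemBundle(path))
            return path;
    return std::string(); // fail closed: the caller must not disable verification
}

int main()
{
    // "cacert.pem" is a hypothetical file shipped next to the executable.
    const std::string ca = findCaBundle({"cacert.pem"});
    if (ca.empty())
    {
        std::fprintf(stderr, "no usable CA bundle; refusing to continue\n");
        return 1;
    }
    // With libcurl: curl_easy_setopt(curl, CURLOPT_CAINFO, ca.c_str());
    // CURLOPT_SSL_VERIFYPEER is left at its default (enabled).
    std::printf("CA bundle: %s\n", ca.c_str());
    return 0;
}
```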