Using curl with gnutls support fail with some certificates. As for exemple : % curl https://www.net222.caisse-epargne.fr curl: (35) server cert verify failed: -101 % curl -k https://www.net222.caisse-epargne.fr curl: (35) server cert verify failed: -101 Bugs is both from curl & gnutls. gnutls should not return -101 error as described on http://lists.gnu.org/archive/html/help-gnutls/2008-02/msg00012.html as certificate is good. But curl should not failed using -k options (accept insecure ssl transactions). % curl -V curl 7.17.1 (i686-pc-linux-gnu) libcurl/7.17.1 GnuTLS/2.0.4 zlib/1.2.3 Protocols: tftp ftp telnet dict ldap http file https ftps Features: IPv6 Largefile SSL libz % gnutls-cli -v gnutls-cli (GnuTLS) 2.0.4 patch attached correct the curl bug. Reproducible: Always
Created attachment 143614 [details] files/curl-correct-gnutls-madness.patch
FYI: the patch was written by me and that fix is committed to curl's CVS for inclusion in next release.
the gnutls side of this bug has been fixed in their git tree
appreciate the bug report however I've tinkered with the 7.17.1 version enough. I'll be adding 7.18.1 soon which contains this fix. Thanks for your comments Daniel.