Do prebuilt libcurl libraries support SSL?

CdrJameson · July 3, 2018, 5:06pm

Hello,

I’m upgrading curl to use https connections instead of http, but I’m getting errors on cUrl when attempting to connect, notably it can’t read my certs file (CURLE_SSL_CACERT_BADFILE when trying to read).

Do the precompiled versions of libcurl supplied with Cocos2d-x support SSL, in which case what flavour is it?
Or do I have to recompile my own versions using something like OpenSSL to provide the SSL support?

Thanks, anyone who knows.

R101 · July 3, 2018, 11:44pm

You haven’t stated any details. Which version of cocos2d-x are you using, and what format is your certificate file in?

For my own project, Cocos2d-x v3.17 works fine using PEM format certificate files for HTTPS.

slackmoehrle · July 4, 2018, 9:09am

Make sure you use the latest deps…

CdrJameson · July 4, 2018, 9:19am

I’m using win32, UWP, Android and iOS.
Certs are in a cacert.pem exported from Mozilla (which is fine when loaded by OpenSSL) stored in the root of the Resources folder.
Cocos is version cocos2d-x-3.15.1
curl is from the appropriate cocos2d\external\curl\prebuilt folder, and works fine with http URLs

Exact config is:

    curl_easy_setopt(m_curl, CURLOPT_SSL_VERIFYPEER, 1);  // Enable peer verification
    curl_easy_setopt(m_curl, CURLOPT_SSL_VERIFYHOST, 2);  // Check host is who it should be
    curl_easy_setopt(m_curl, CURLOPT_CAINFO, "cacert.pem"); // This is where certs live

This is OK for a hand-built OpenSSL-back end version of libcurl, but returns CURLE_SSL_CACERT_BADFILE when I call curl_easy_perform() with the default cocos libraries on win32, UWP and Android (haven’t tried iOS yet)

CdrJameson · July 5, 2018, 1:49pm

I’m sure it does support SSL by the way, it’s just that libcurl can be compiled to support about 50 different SSL providers, and it helps to know which one when you’re trying to get it working. It doesn’t seem to be OpenSSL.

CdrJameson · July 20, 2018, 5:54pm

OK, after further investigation whatever the ssl provider is it does accept “.pem” files for SSL certificates BUT whether it works or not depends on the platform and the working folder.

The code above I got to work on win32 using my own compilation of libcurl/openSSL because ‘cacert.pem’ happened to be in the working folder of the application.

When I modified the code to use a full path then it also worked on UWP with the cocos version of libcurl:
curl_easy_setopt(m_curl, CURLOPT_CAINFO, FileUtils::getInstance()->fullPathForFilename("cacert.pem").c_str())

It still doesn’t work on Android however, and apparently this is because libcurl needs a normal file to read, not something compressed in an apk. The solution is apparently to extract it to the local file system and use it from there according to this:

Haven’t tried it yet, but hopefully that should sort it out.