1

Running this code i get an error "curl_easy_perform() failed: SSL peer certificate or SSH remote key was not OK"

#include <stdio.h>
#include <curl/curl.h>

int main(void)
{
    CURL* curl;
    CURLcode res;

    curl = curl_easy_init();
    if (curl) {
        /* First set the URL that is about to receive our POST. This URL can
           just as well be a https:// URL if that is what should receive the
           data. */
        curl_easy_setopt(curl, CURLOPT_URL, "https://www.quandl.com/api/v3/datasets/WIKI/FB/data.json?api_key=MY-CODE-HERE");
        curl_easy_setopt(curl, CURLOPT_HTTPGET, 1);

        /* Perform the request, res will get the return code */
        res = curl_easy_perform(curl);
        if (res != CURLE_OK)
        {
            fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res));
        }

        /* always cleanup */
        curl_easy_cleanup(curl);
    }
    return 0;
}

There is an example on the quandl website using this exact GET request. It is using the curl.exe though but i dont think it has got anything to do with this.

No where on the quandl website does it mention how to get a certificate or key so my initial thoughts is that they dont allow using libcurl directly OR curl.exe retrieves some certificates from the quandl server.

I tried google.com also and got the same error.

Anyone come across this?

EDIT

I do not want to by-pass SSL verification.

ariia
  • 63
  • 1
  • 7
  • You need to create an account: At the bottom of their home page: _Start Using Data. Registering for an account provides you with an API key so that you can use our data via all tools, directly through the API and the web interface._ Then there's a button: _Create Free Account_ – Craig Estey May 26 '20 at 15:22
  • @CraigEstey that has nothing to do with OP's problem. The request should succeed anyway, account or not. In case of unauthorized access, the website will return an error string, but the request should still succeed. Also, OP is most likely already registered as they put `MY-CODE-HERE` in the URL implying they have an API key. – Marco Bonelli May 26 '20 at 15:24
  • Is your copy of `curl` capable of connecting to other HTTPS sites? – Botje May 26 '20 at 15:28
  • Your code is correct. I've just tried it and it works. The error you get means that curl isn't able to verify the SSL certificate used by the website, either because it's self-signed or you do not have correctly updated Root certificate authorities on your machine. The fact that your request also fails with Google means that it's either that or libcurl is unable to find the correct root CA in your system. Setting `CURLOPT_SSL_VERIFYPEER` to `0` will probably work, but will make curl skip verification, which is ***bad*** and you do not want to (it's an ugly workaround, not a solution). – Marco Bonelli May 26 '20 at 15:30
  • Did you try setting `CURLOPT_SSL_VERIFYPEER` to `0`? Did their example usage of `curl.exe` include the flag `--insecure` ? – DNT May 26 '20 at 15:34
  • @MarcoBonelli how do i get root certificate authorites on my machine? – ariia May 26 '20 at 15:38
  • @CraigEstey i have an account and an api key. – ariia May 26 '20 at 15:40
  • @ariia that I unfortunately do not know, but I know that it depends on your operating system. Try googling for "curl root certificates ". – Marco Bonelli May 26 '20 at 15:40
  • Okay, I have to agree with Marco. I did a cut-and-paste of the URL from your code and ran `curl` from the command line. I got a "We could not recognize you API key". So, I got _none_ of the low level errors you are getting. I downloaded your program, compiled and ran it. I get exactly the same error message. `curl.exe` implies you're on a WinX box. If you were on linux [as I am], I'd suggest running under `strace` to see the syscalls and data. Can you do `curl` [from cmdline] to other sites? Could this be some WinX thing? – Craig Estey May 26 '20 at 15:53

1 Answers1

3

I found out you need to download the .pem file here https://curl.haxx.se/docs/caextract.html

And add these settings...

curl_easy_setopt(curl, CURLOPT_SSL_VERIFYSTATUS, 1);            
curl_easy_setopt(curl, CURLOPT_CAINFO, "PATH TO FILE\\cacert.pem");
curl_easy_setopt(curl, CURLOPT_CAPATH, "PATH TO FILE\\cacert.pem");
ariia
  • 63
  • 1
  • 7