libcurl - curl_easy_perform() fails: problem with the SSL CA cert (path? access rights ?)

Question

I compiled the simple libcurl example program from the link below with mingw64 (MSYS2) on Windows 7 x64

https://curl.se/libcurl/c/simple.html

Unfortunately it gives me the error:

curl_easy_perform() failed: Problem with the SSL CA cert (path? access rights?)

I tried to reinstall the open ssl certificates in MSYS2 to no avail. Please keep in mind that I am a total noob with SSL and certificates! But I need to do an HTTPS request in C in a portable way so I was forced to use libcurl. I don't think there is anything wrong with my system, since 1. an https request sent using WinInet.h works perfectly 2. I can send https requests with the cUrl command without any issues.

PS. I apologize if there are similar topics here, but as far as I could see, none of them addresses the same problem in this specific scenario

Any idea ?

Answer 1

I am answering my own question since in the end I managed to solve the problem, and in the hope this question can be useful to somebody else. It actually seems a common problem, despite nowhere I could find it addressed clearly and for newbies (like me).

The problem is caused by libcurl being based on openSSL. OpenSSL is a Unix/Linux thing and cannot work on Windows unless one install the openSSL for Windows explicitly (not tested). But one may not want to force the users of his/her software to install any additional components like openSSL - as in my case.

The solution is building a libcurl NOT based on openSSL but on windows SSPI, or finding a suitable libcurl package. After many efforts and searching, I discovered that such a package existed for MSYS2, it is mingw curl winssl:

https://packages.msys2.org/package/mingw-w64-x86_64-curl-winssl?repo=mingw64

It was enough to install it:

pacman -S mingw-w64-x86_64-curl-winssl

Linking statically with libcurl can be troublesome and it looks like not all dependencies are listed clearly (seems a known bug). In particular if using an IDE like in my case and knowing nothing of Linux commandline (I am using Code::Blocks) it is necessary to link against the following libs:

-lcurl -lpsl -lidn2 -lssh2 -lbrotlidec -lz -liconv -lzstd -lbrotlicommon -lunistring -lbcrypt -lws2_32 -lwldap32 -lcrypt32

and

#define CURL_STATICLIB (mandatory)

As a last note I must say that IMHO libcurl should be based on Windows by default, not on openSSL, in any minGW distributions, since they are thought to work under Windows and produce Windows executables - but for some reasons obscure to me, this seems not always the case.