
OpenSSL Certificate "unable to get local issuer certificate"


I just started using the Poco C++ libraries and I just compiled the NetSSL-OpenSSL download example. When using it with an http site, everything works, but when I use it with an https site, the following error occurs:

>download.exe https://api.github.com

WARNING: Certificate verification failed
----------------------------------------
Issuer Name:  C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert High Assurance EV Root CA
Subject Name: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert SHA2 High Assurance Server CA

The certificate yielded the error: unable to get local issuer certificate

The error occurred in the certificate chain at position 1
Accept the certificate (y,n)?

Weirdly, the content is still loaded fine after saying yes, but I would really like my program to be clean and also safe regarding internet security.

Here is my code in its current state, but I really don't know what I'm doing, so please point me in the right direction:

// POCO C++ Libraries used

SharedPtr<InvalidCertificateHandler> ptrCert = new ConsoleCertificateHandler(false);
Context::Ptr ptrContext = new Context(Context::CLIENT_USE, "", "cert.pem", "", Context::VerificationMode::VERIFY_NONE);
SSLManager::instance().initializeClient(0, ptrCert, ptrContext);

URI uri(argv[1]);
std::unique_ptr<std::istream> pStr(URIStreamOpener::defaultOpener().open(uri));
StreamCopier::copyStream(*pStr.get(), std::cout);

I generated the cert.pem file with openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes, hoping this would generate a certificate, but I don't know what certificates I need and where to specify them in my C++ program.

My aim is to connect to a GitHub API page and read a GET request, any help appreciated...


Solution

  • I just managed to do it, for anyone interested:

    Since I only need to access the GitHub API, I only need to verify the certificate used by GitHub, which is DigiCert.

    I visited this page https://www.digicert.com/kb/digicert-root-certificates.htm and downloaded the file DigiCertHighAssuranceEVRootCA.crt.pem, copied it next to my exe and then specified it in my C++ program as such:

    SharedPtr<InvalidCertificateHandler> ptrCert = new ConsoleCertificateHandler(false);
    Context::Ptr ptrContext = new Context(Context::CLIENT_USE, "", "", "DigiCertHighAssuranceEVRootCA.crt.pem", Context::VerificationMode::VERIFY_RELAXED);
    SSLManager::instance().initializeClient(0, ptrCert, ptrContext);
    

    Now I get the answer immediately, without any errors or warnings.
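
Added example, not part of the original question or answer: a shell script that reproduces the error with the openssl CLI (assumed to be on PATH) and shows why supplying the root fixes it. It builds a constructed root, intermediate and server certificate, then verifies the server certificate once against an unrelated self-signed certificate like the question's cert.pem (error 20 at depth 1, the intermediate whose issuing root is not trusted) and once against the issuing root (OK).

```shell
#!/usr/bin/env bash
# Added example. Every name and certificate below is constructed for the demo.

new_csr() {  # $1 = dir, $2 = file base name, $3 = common name
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1/$2.key" \
    -out "$1/$2.csr" -subj "/CN=$3" 2>/dev/null
}

make_chain() {  # $1 = empty working directory
  d=$1
  # Extensions that mark a certificate as a CA (needed for root and intermediate).
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$d/ca.ext"
  # Root CA: self-signed. This is the certificate the client must already trust.
  new_csr "$d" root "Demo Root CA"
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 2 -out "$d/root.pem" 2>/dev/null
  # Intermediate CA: signed by the root, sent by the server during the handshake.
  new_csr "$d" inter "Demo Intermediate CA"
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -extfile "$d/ca.ext" -days 2 -out "$d/inter.pem" 2>/dev/null
  # Server (leaf) certificate: signed by the intermediate.
  new_csr "$d" leaf "api.example.test"
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null
  # Unrelated self-signed certificate, made the same way as the question's cert.pem.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/self.key" \
    -out "$d/selfsigned.pem" -days 2 -subj "/CN=my-own-cert" 2>/dev/null
}

verify_with() {  # $1 = dir, $2 = file in dir used as the only trust anchor
  # -untrusted supplies the intermediate, as a TLS server would.
  openssl verify -CAfile "$1/$2" -untrusted "$1/inter.pem" "$1/leaf.pem" 2>&1
}

work=$(mktemp -d)
make_chain "$work"
echo "Trust anchor = unrelated self-signed certificate:"
verify_with "$work" selfsigned.pem || true
echo "Trust anchor = root that issued the intermediate:"
verify_with "$work" root.pem || true
rm -rf "$work"
```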