Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: SSL connect error
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Dan Fandrich via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 8 Dec 2021 09:03:24 -0800
On Wed, Dec 08, 2021 at 02:53:54PM +0100, Thierry Huchard via curl-library wrote:
> I am the maintainer of the sane-escl backend, I have an error on an https
> access on a canon XK90 scanner.
> If you have an idea of why and how to bypass it, I'm interested!
>
> curl_handle = curl_easy_init();
> curl_easy_setopt(curl_handle, CURLOPT_URL,
> "https://192.168.yyy.xxx:443/eSCL/ScannerCapabilities");
> curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0L);
> curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0L);
> curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, memory_callback_c);
> curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)var);
> curl_easy_setopt(curl_handle, CURLOPT_HEADERFUNCTION, header_callback);
> curl_easy_setopt(curl_handle, CURLOPT_HEADERDATA, (void *)header);
> curl_easy_setopt(curl_handle, CURLOPT_FOLLOWLOCATION, 1L);
> curl_easy_setopt(curl_handle, CURLOPT_MAXREDIRS, 3L);
> CURLcode res = curl_easy_perform(curl_handle);
> if (res != CURLE_OK) {
> printf("respond: %s\n", curl_easy_strerror(res)); // respond: SSL
> connect error
Could it be similar to Github issue #5356? Namely, the scanner is running
years-old firmware that uses a long-obsolete TLS version and OpenSSL is
now refusing to talk to it for security reasons? What TLS back-end is your
libcurl using? What TLS version does the scanner want to use?
Date: Wed, 8 Dec 2021 09:03:24 -0800
On Wed, Dec 08, 2021 at 02:53:54PM +0100, Thierry Huchard via curl-library wrote:
> I am the maintainer of the sane-escl backend, I have an error on an https
> access on a canon XK90 scanner.
> If you have an idea of why and how to bypass it, I'm interested!
>
> curl_handle = curl_easy_init();
> curl_easy_setopt(curl_handle, CURLOPT_URL,
> "https://192.168.yyy.xxx:443/eSCL/ScannerCapabilities");
> curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0L);
> curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0L);
> curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, memory_callback_c);
> curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)var);
> curl_easy_setopt(curl_handle, CURLOPT_HEADERFUNCTION, header_callback);
> curl_easy_setopt(curl_handle, CURLOPT_HEADERDATA, (void *)header);
> curl_easy_setopt(curl_handle, CURLOPT_FOLLOWLOCATION, 1L);
> curl_easy_setopt(curl_handle, CURLOPT_MAXREDIRS, 3L);
> CURLcode res = curl_easy_perform(curl_handle);
> if (res != CURLE_OK) {
> printf("respond: %s\n", curl_easy_strerror(res)); // respond: SSL
> connect error
Could it be similar to Github issue #5356? Namely, the scanner is running
years-old firmware that uses a long-obsolete TLS version and OpenSSL is
now refusing to talk to it for security reasons? What TLS back-end is your
libcurl using? What TLS version does the scanner want to use?
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2021-12-08