Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: SSL connect error
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Thierry Huchard via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 09 Dec 2021 09:12:09 +0100
Le 2021-12-08 18:03, Dan Fandrich via curl-library a écrit :
> On Wed, Dec 08, 2021 at 02:53:54PM +0100, Thierry Huchard via
> curl-library wrote:
>> I am the maintainer of the sane-escl backend, I have an error on an
>> https
>> access on a canon XK90 scanner.
>> If you have an idea of why and how to bypass it, I'm interested!
>>
>> curl_handle = curl_easy_init();
>> curl_easy_setopt(curl_handle, CURLOPT_URL,
>> "https://192.168.yyy.xxx:443/eSCL/ScannerCapabilities");
>> curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0L);
>> curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0L);
>> curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION,
>> memory_callback_c);
>> curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)var);
>> curl_easy_setopt(curl_handle, CURLOPT_HEADERFUNCTION,
>> header_callback);
>> curl_easy_setopt(curl_handle, CURLOPT_HEADERDATA, (void *)header);
>> curl_easy_setopt(curl_handle, CURLOPT_FOLLOWLOCATION, 1L);
>> curl_easy_setopt(curl_handle, CURLOPT_MAXREDIRS, 3L);
>> CURLcode res = curl_easy_perform(curl_handle);
>> if (res != CURLE_OK) {
>> printf("respond: %s\n", curl_easy_strerror(res)); //
>> respond: SSL
>> connect error
>
> Could it be similar to Github issue #5356? Namely, the scanner is
> running
> years-old firmware that uses a long-obsolete TLS version and OpenSSL is
> now refusing to talk to it for security reasons? What TLS back-end is
> your
> libcurl using? What TLS version does the scanner want to use?
On FreeBSD 12.2-RELEASE, the version of OpenSSL is 1.1.1k and curl is
7.73.0
For the device in question the documentation is not easy to read, the
ideal would have been in French, I could have arranged with English, but
Japanese, not possible!
So I have no information about it, I know that http requests work. I
would have liked to force the discussion.
I will test the https connection and switch to http if it fails...
Thanks for the feedback!
Thierry
Date: Thu, 09 Dec 2021 09:12:09 +0100
Le 2021-12-08 18:03, Dan Fandrich via curl-library a écrit :
> On Wed, Dec 08, 2021 at 02:53:54PM +0100, Thierry Huchard via
> curl-library wrote:
>> I am the maintainer of the sane-escl backend, I have an error on an
>> https
>> access on a canon XK90 scanner.
>> If you have an idea of why and how to bypass it, I'm interested!
>>
>> curl_handle = curl_easy_init();
>> curl_easy_setopt(curl_handle, CURLOPT_URL,
>> "https://192.168.yyy.xxx:443/eSCL/ScannerCapabilities");
>> curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0L);
>> curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0L);
>> curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION,
>> memory_callback_c);
>> curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)var);
>> curl_easy_setopt(curl_handle, CURLOPT_HEADERFUNCTION,
>> header_callback);
>> curl_easy_setopt(curl_handle, CURLOPT_HEADERDATA, (void *)header);
>> curl_easy_setopt(curl_handle, CURLOPT_FOLLOWLOCATION, 1L);
>> curl_easy_setopt(curl_handle, CURLOPT_MAXREDIRS, 3L);
>> CURLcode res = curl_easy_perform(curl_handle);
>> if (res != CURLE_OK) {
>> printf("respond: %s\n", curl_easy_strerror(res)); //
>> respond: SSL
>> connect error
>
> Could it be similar to Github issue #5356? Namely, the scanner is
> running
> years-old firmware that uses a long-obsolete TLS version and OpenSSL is
> now refusing to talk to it for security reasons? What TLS back-end is
> your
> libcurl using? What TLS version does the scanner want to use?
On FreeBSD 12.2-RELEASE, the version of OpenSSL is 1.1.1k and curl is
7.73.0
For the device in question the documentation is not easy to read, the
ideal would have been in French, I could have arranged with English, but
Japanese, not possible!
So I have no information about it, I know that http requests work. I
would have liked to force the discussion.
I will test the https connection and switch to http if it fails...
Thanks for the feedback!
Thierry
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2021-12-09