Re: SSL connect error
From: Daniel Fruzynski via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 09 Dec 2021 12:49:17 +0100
On 2021-12-09 09:12, Thierry Huchard via curl-library wrote:
> On 2021-12-08 18:03, Dan Fandrich via curl-library wrote:
>> On Wed, Dec 08, 2021 at 02:53:54PM +0100, Thierry Huchard via
>> curl-library wrote:
>>> I am the maintainer of the sane-escl backend, I have an error on an
>>> https access on a canon XK90 scanner.
>>> If you have an idea of why and how to bypass it, I'm interested!
>>>
>>> curl_handle = curl_easy_init();
>>> curl_easy_setopt(curl_handle, CURLOPT_URL, "https://192.168.yyy.xxx:443/eSCL/ScannerCapabilities");
>>> curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0L);
>>> curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0L);
>>> curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, memory_callback_c);
>>> curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)var);
>>> curl_easy_setopt(curl_handle, CURLOPT_HEADERFUNCTION, header_callback);
>>> curl_easy_setopt(curl_handle, CURLOPT_HEADERDATA, (void *)header);
>>> curl_easy_setopt(curl_handle, CURLOPT_FOLLOWLOCATION, 1L);
>>> curl_easy_setopt(curl_handle, CURLOPT_MAXREDIRS, 3L);
>>> CURLcode res = curl_easy_perform(curl_handle);
>>> if (res != CURLE_OK) {
>>>     printf("respond: %s\n", curl_easy_strerror(res)); // respond: SSL connect error
>>> }
>>
>> Could it be similar to Github issue #5356? Namely, the scanner is running
>> years-old firmware that uses a long-obsolete TLS version and OpenSSL is
>> now refusing to talk to it for security reasons? What TLS back-end is your
>> libcurl using? What TLS version does the scanner want to use?
>
> On FreeBSD 12.2-RELEASE, the version of OpenSSL is 1.1.1k and curl is 7.73.0
> For the device in question the documentation is not easy to read, the
> ideal would have been in French, I could have arranged with English,
> but Japanese, not possible!
> So I have no information about it, I know that http requests work. I
> would have liked to force the discussion.
> I will test the https connection and switch to http if it fails...
> Thanks for the feedback!
>
> Thierry
Try running the following command; it will print more details about what was
going on during the connection process:
curl -vk https://192.168.yyy.xxx:443/eSCL/ScannerCapabilities
You can also capture packets using Wireshark and check what happened
during the TLS handshake.
Daniel
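
Added example, not part of the original messages: a small shell helper that reads the output of the `curl -vk` command suggested above and names the likely reason the handshake failed, which answers the "what TLS version does the scanner want" question without reading the whole trace. It assumes an OpenSSL-backed curl (as on the FreeBSD system in the thread); the function names and the two sample traces are constructed for illustration.

```shell
#!/bin/sh
# Usage: curl -vk https://192.168.yyy.xxx:443/eSCL/ScannerCapabilities 2>&1 | classify_tls_failure
# (curl writes -v output to stderr, hence 2>&1.)

# Map OpenSSL 1.1.1 error reasons, as curl prints them, to a short cause.
# Other TLS back-ends word these messages differently.
classify_tls_failure() {
    log=$(cat)
    case $log in
        *"unsupported protocol"*|*"alert protocol version"*)
            echo "protocol-version-mismatch" ;;      # peer only speaks a TLS/SSL version we refuse
        *"no ciphers available"*|*"alert handshake failure"*)
            echo "no-shared-cipher-or-params" ;;     # no cipher suite both sides accept
        *"dh key too small"*|*"ee key too small"*|*"ca md too weak"*)
            echo "weak-key-or-digest-rejected" ;;    # rejected by OpenSSL's security level
        *"certificate verify failed"*)
            echo "certificate-verification-failed" ;;
        *"SSL connection using"*)
            echo "handshake-ok" ;;
        *)
            echo "unknown" ;;
    esac
}

# Print "<protocol> <cipher>" from a successful trace, e.g. to record
# what a device actually negotiates.
negotiated_tls() {
    sed -n 's|^\* SSL connection using \([^ ]*\) / \(.*\)$|\1 \2|p'
}

# Constructed sample: a device that only offers a protocol version the
# client refuses. curl exit code 35 is CURLE_SSL_CONNECT_ERROR, the
# "SSL connect error" string reported in the thread.
SAMPLE_OLD_DEVICE='* Connected to 192.0.2.10 (192.0.2.10) port 443 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
* Closing connection 0
curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol'

# Constructed sample: a successful handshake.
SAMPLE_OK='* Connected to 192.0.2.10 (192.0.2.10) port 443 (#0)
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:'
```

A "protocol-version-mismatch" result matches the obsolete-firmware hypothesis raised earlier in the thread; a packet capture then shows which version the device put in its ServerHello.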
Received on 2021-12-09