curl-users

SSL problem with capath and cacert/file

From: Emiliano Valente <emiliano.valente_at_eutelia.it>
Date: Mon, 01 Aug 2005 15:54:46 +0200

Hi there,

I've noticed a problem with curl + SSL (tested also with openssl-0.9.8
and the latest curl CVS snapshot) when accessing a Tomcat web server with
client-cert validation.
I have no problem at all accessing Apache or IIS with curl using the same
certificate.

-----------------------------------------------
1) With the openssl command line tool using:

openssl s_client -connect tomcathost:443 -cert /pathtomycert.pem
-CApath /pathtocadir

I get:

<skip>

---
SSL handshake has read 8319 bytes and written 3418 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID:
42E8B2653967F1E34F2B4883C35D345A8F3671E8413962D534E1A9E12D1268A3
    Session-ID-ctx:
    Master-Key:
08B51CDC50358B63F6DE303CDAD96FF67BBD740C5817AB43616E345082A872ABB9BACB717A7434B122EB8D1EB0794E25
    Key-Arg   : None
    Start Time: 1122546061
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
----------------------------------------------------------------------
2) While using curl like:
curl --trace debug -m 60 --interface myip -E/pathtomycert.pem --capath
/pathtocadir -L https://tomcathost
I get this error (end of debug):
== Info: SSLv3, TLS change cipher, Client hello (1):
<= Send SSL data, 1 bytes (0x1)
0000: 01                                              .
== Info: SSLv3, TLS handshake, Finished (20):
<= Send SSL data, 16 bytes (0x10)
0000: 14 00 00 0c 56 47 ce 2e 51 85 fc 4f c4 20 6f a5 ....VG..Q..O. o.
== Info: SSLv3, TLS alert, Server hello (2):
<= Recv SSL data, 2 bytes (0x2)
0000: 02 2e                                           ..
== Info: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate unknown
== Info: Closing connection #0
curl: (35) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate unknown
----------------------------------------------------------------------
NB: I get the same error with openssl (end of debug) when using
CAcert instead of CAfile:
openssl s_client -connect tomcathost:443 -cert /pathtomycert.pem
-CAcert /pathtocafile
read from 0x80bb7d8 [0x80c0d80] (5 bytes => 5 (0x5))
0000 - 15 03 01 00 02                                    .....
read from 0x80bb7d8 [0x80c0d85] (2 bytes => 2 (0x2))
0000 - 02 2e                                             ..
7220:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
unknown:s3_pkt.c:1054:SSL alert number 46
7220:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:230:
0000 - 15 03 01 00 02                                    .....
read from 0x80bb7d8 [0x80c0d85] (2 bytes => 2 (0x2))
0000 - 02 2e
Best regards
e.
Received on 2005-08-01
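As an added illustration (not part of this mail, nor curl's or openssl's own code), the following Python decodes the alert bytes that both traces above end with: `02 2e` is alert level 2 (fatal) and description 46 (certificate_unknown, RFC 2246), and curl's `<= Recv` marker shows the server sent it, i.e. the server side rejected the client certificate. The hex-dump formats and trace markers are the ones visible in the quoted output; the sample trace is constructed from it.

```python
import re
# TLS alert level / description codes from RFC 2246 section 7.2 (subset relevant to cert problems).
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
                      43: "unsupported_certificate", 44: "certificate_revoked", 45: "certificate_expired",
                      46: "certificate_unknown", 47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied"}
CONTENT_TYPE_ALERT = 0x15
# Hex-dump line as printed by curl ("0000: 02 2e  ..") or openssl ("0000 - 02 2e  ..").
HEX_DUMP_RE = re.compile(r"^\s*[0-9a-fA-F]{4}\s*[:-]\s*((?:[0-9a-fA-F]{2}(?:\s+|$))+)")

def hex_bytes(line):
    """Raw bytes of one hex-dump line, or b'' if the line is not a dump line."""
    m = HEX_DUMP_RE.match(line)
    return bytes.fromhex(m.group(1)) if m else b""

def decode_alert(data):
    """Decode a TLS alert given a full record (type, version, length, body) or a bare 2-byte body."""
    version = None
    if len(data) >= 5 and data[0] == CONTENT_TYPE_ALERT:
        version = (data[1], data[2])
        data = data[5:5 + int.from_bytes(data[3:5], "big")]
    if len(data) != 2:
        raise ValueError("alert body must be 2 bytes, got %d" % len(data))
    level, number = data
    return {"version": version, "level": ALERT_LEVELS.get(level, "unknown(%d)" % level),
            "number": number, "description": ALERT_DESCRIPTIONS.get(number, "unknown(%d)" % number)}

def alerts_from_curl_trace(trace):
    """Find TLS alerts in curl --trace output and record which side sent each one."""
    alerts, pending, sender, buf = [], False, None, b""
    for line in trace.splitlines() + [""]:          # trailing "" flushes the last alert
        if pending and buf and not hex_bytes(line):  # first non-dump line after the alert bytes
            alerts.append(dict(decode_alert(buf), sender=sender))
            pending, sender, buf = False, None, b""
        if "TLS alert" in line:
            pending = True
        elif pending and ("Recv SSL data" in line or "Send SSL data" in line):
            sender = "server" if "Recv" in line else "client"
        elif pending:
            buf += hex_bytes(line)
    return alerts

# Constructed sample: the tail of the curl trace quoted in the mail above.
SAMPLE_TRACE = """\
== Info: SSLv3, TLS alert, Server hello (2):
<= Recv SSL data, 2 bytes (0x2)
0000: 02 2e                                           ..
== Info: Closing connection #0
"""
```

The same decoder handles the openssl trace by concatenating its two dump lines (the 5-byte record header `15 03 01 00 02` and the 2-byte body), which yields the same fatal certificate_unknown alert.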