curl-users

Common name check error during SSL FTP

From: ankur marwah <marwah_ankur_at_yahoo.com>
Date: Tue, 23 Aug 2005 18:12:54 -0700 (PDT)

Hi

I have been trying to do SSL FTP using cURL to one of
my SSL servers using the following command line:

curl -v -P ce1 --ftp-ssl --sslv3 -k --disable-epsv --disable-eprt --cacert USERID1.pem --capath /sftp --url ftp://USERID1:USERID1@sslserver.us.com:8031

The following errors are generated subsequently:

* error setting certificate verify locations, continuing anyway:
* CAfile: USERID1.pem
CApath: /sftp
* SSL connection using DES-CBC3-SHA
* Server certificate:
* subject:/C=US/O=COMP/CN=DEUTSCHEEXT
* start date: 2005-02-25 14:42:10 GMT
* expire date: 2007-02-25 14:42:10 GMT
* common name: DEUTSCHEEXT (does not match 'sslserver.us.com')
* issuer:/C=US/O=DBUS/CN=SECOFR
* SSL certificate verify result: error number 1 (19), continuing anyway.
> USER USERID1
< 331 Password required.
> PASS USERID1
< 230 Login successful.
* We have successfully logged in
> PBSZ 0
< 235 Command OK.
> PROT P
< 235 Command OK.
> PWD
< 257 "/" is current directory
* Entry path is '/'
> PORT 66,248,225,114,128,75
< 200 PORT command successful.
* Ordered connect of the data stream with PORT!
> TYPE A
< 200 Type set to A.
> LIST
< 150 Opening ASCII mode data connection.

At this point it hangs....

The detailed internal logs on the server side suggest
that the SSL handshake is failing.
I have tried a number of command line options but all
seem to give an error during common name checking.

My queries are:
1) Is it possible that common name checking is causing
this SSL handshake to fail (common name: DEUTSCHEEXT
(does not match 'sslserver.us.com'))?
2) Do we have any command line option to turn off the
common name checking, since it will not be possible to
generate a new certificate with common name as
sslserver.us.com?
3) If not, is it possible to get some patch wherein
this option is turned off?

This is a bit urgent and I will be really grateful if
someone can provide the above information.
Other suggestions are equally welcome.

thanks
ankur

bye

Regards
Ankur

                
 
Received on 2005-08-24
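
The certificate problems in the verbose output above can be extracted mechanically. The following Python script is an added example (not part of the original post and not curl code): it rejoins the e-mail-wrapped log lines and lists each verification problem curl reported while still "continuing anyway". It assumes the number in parentheses is an OpenSSL X509_V_ERR_* code; the function names are hypothetical.

```python
import re

# Excerpt of the verbose output in the post above, e-mail wrapping included.
SAMPLE = """\
* error setting certificate verify locations,
continuing anyway:
* CAfile: USERID1.pem
CApath: /sftp
* SSL connection using DES-CBC3-SHA
* common name: DEUTSCHEEXT (does not match
'sslserver.us.com')
* issuer:/C=US/O=DBUS/CN=SECOFR
* SSL certificate verify result: error number 1 (19),
continuing anyway.
> USER USERID1
"""

# Assumption: the parenthesised number is an OpenSSL X509_V_ERR_* code.
X509_CODES = {10: "certificate has expired",
              18: "self-signed certificate",
              19: "self-signed certificate in chain",
              20: "unable to get local issuer certificate"}

def unwrap(text):
    """Rejoin wrapped lines; a new record starts with '*', '<' or '>'."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith(("*", "<", ">")) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def audit(text):
    """Return (kind, detail) for each TLS verification problem in the log."""
    findings = []
    for rec in unwrap(text):
        if rec.startswith("* error setting certificate verify locations"):
            findings.append(("ca-not-loaded", "CA file/path unusable"))
        m = re.search(r"common name: (\S+) \(does not match '([^']+)'\)", rec)
        if m:
            findings.append(("name-mismatch", f"{m.group(1)} != {m.group(2)}"))
        m = re.search(r"verify result: error number \d+ \((\d+)\)", rec)
        if m:
            code = int(m.group(1))
            findings.append(("verify-failed", X509_CODES.get(code, f"code {code}")))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(f"{kind}: {detail}")
```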