curl-users
Common name check error during SSL FTP
Date: Tue, 23 Aug 2005 18:12:54 -0700 (PDT)
Hi
I have been trying to do SSL FTP using cURL to one of
my SSL servers using the following command line:
curl -v -P ce1 --ftp-ssl --sslv3 -k --disable-epsv
--disable-eprt --cacert USERID1.pem --capath /sftp
--url ftp://USERID1:USERID1@sslserver.us.com:8031
The following errors are generated subsequently:
* error setting certificate verify locations,
continuing anyway:
* CAfile: USERID1.pem
CApath: /sftp
* SSL connection using DES-CBC3-SHA
* Server certificate:
* subject:/C=US/O=COMP/CN=DEUTSCHEEXT
* start date: 2005-02-25 14:42:10 GMT
* expire date: 2007-02-25 14:42:10 GMT
* common name: DEUTSCHEEXT (does not match
'sslserver.us.com')
* issuer:/C=US/O=DBUS/CN=SECOFR
* SSL certificate verify result: error number 1 (19),
continuing anyway.
> USER USERID1
< 331 Password required.
> PASS USERID1
< 230 Login successful.
* We have successfully logged in
> PBSZ 0
< 235 Command OK.
> PROT P
< 235 Command OK.
> PWD
< 257 "/" is current directory
* Entry path is '/'
> PORT 66,248,225,114,128,75
< 200 PORT command successful.
* Ordered connect of the data stream with PORT!
> TYPE A
< 200 Type set to A.
> LIST
< 150 Opening ASCII mode data connection.
At this point it hangs....
The detailed internal logs on the server side suggest
that the SSL handshake is failing.
I have tried a no. of command line options but all
seem to give an error during common name checking.
My queries are :
1) Is it possible that common name checking is causing
this SSL handshake to fail (common name: DEUTSCHEEXT
(does not match 'sslserver.us.com') )
2) Do we have any command line option to turn off the
common name checking since it will not be possible to
generate a new certificate with common name as
sslserver.us.com
3) If not is it possible to get some patch wherein
this option is turned off.
This is a bit urgent and I will be really grateful if
someone can provide the above information.
Other suggestions are equally welcome.
thanks
ankur
bye
Regards
Ankur
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
Received on 2005-08-24