curl-users

Re: curl https hang problem

From: Sid Chang <sid_at_adth.com>
Date: Thu, 05 Oct 2006 19:54:08 -0400

>> But, when I tested curl with https, it simply hangs, while http works fine.
>> What may have gone wrong here?
>
>Hard to tell, you need to do some debugging around curl's use of the OpenSSL
>functions. Could it be a bad random device configured?

Dan, Good hunch. I picked the wrong random device - random instead of urandom.
Now I'm getting "error:14090086...". Could you translate that into
simpler terms?
Btw, the https test server (see clip below) has a valid and current Thawte
SSL cert.

----------------------------------------------------------------------------------------------------------------
# cd /mnt/curl/bin
# ./curl -v 'https://b2b.adth.com'
* About to connect() to b2b.adth.com port 443
* Trying 67.90.130.174... connected
* Connected to b2b.adth.com (67.90.130.174) port 443
* successfully set certificate verify locations:
* CAfile: /mnt/curl/share/curl/curl-ca-bundle.crt
   CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS alert, Server hello (2):
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
faild* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
faildMore details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
  of Certificate Authority (CA) public keys (CA certs). The default
  bundle is named curl-ca-bundle.crt; you can specify an alternate file
  using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
  the bundle, the certificate verification probably failed due to a
  problem with the certificate (it might be expired, or the name might
  not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
  the -k (or --insecure) option.

Sid
Received on 2006-10-06
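
The "certificate verify failed" error in the message above can be reproduced offline. The following is an added example, not part of the original post or of curl: it builds a throwaway CA and server certificate with the openssl command line tool, then checks the same certificate against a bundle that lacks the issuing CA and against one that contains it. All names, keys and file paths are constructed for the demo; with curl, the file given to --cacert plays the role of -CAfile.

```shell
#!/bin/sh
# Added example. Every key, certificate and name here is constructed locally.

# Build a throwaway PKI in directory $1: a demo CA, an unrelated CA,
# and a server certificate signed by the demo CA.
make_demo_pki() {
    dir=$1
    for ca in demo other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=$ca test CA" \
            -keyout "$dir/$ca-ca.key" -out "$dir/$ca-ca.crt" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/srv.csr" -days 1 \
        -CA "$dir/demo-ca.crt" -CAkey "$dir/demo-ca.key" -CAcreateserial \
        -out "$dir/srv.crt" 2>/dev/null || return 1
}

# Print "ok" if certificate $2 chains to a CA in PEM bundle $1, else "fail".
check_chain() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

run_demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_pki "$tmp" || { rm -rf "$tmp"; return 1; }
    # Bundle that does not contain the issuing CA: verification fails.
    echo "bundle without issuing CA: $(check_chain "$tmp/other-ca.crt" "$tmp/srv.crt")"
    # A CA bundle is just concatenated PEM certificates; adding the issuer fixes it.
    cat "$tmp/other-ca.crt" "$tmp/demo-ca.crt" > "$tmp/bundle.crt"
    echo "bundle with issuing CA:    $(check_chain "$tmp/bundle.crt" "$tmp/srv.crt")"
    rm -rf "$tmp"
}

run_demo
```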