cURL / Mailing Lists / curl-users / Single Mail

curl-users

curl https problem on an embedded system

From: Sid Chang <sid_at_adth.com>
Date: Thu, 12 Oct 2006 21:41:04 -0400

I installed curl+ssl on two machines in a similar manner.

On the development pc (i386-redhat-linux), curl https works fine.
[see clip#1]

But, on the embedded system board (mipsel-uclinux), curl https fails to
verify the server cert. [see clip#2]
The way curl is currently implemented on the board is by NFS mounting
dev pc's directory (/mnt/curl) containing cross-compiled curl files.
e.g. # mount -o nolock 192.168.1.23:/mnt /mnt

I have tried every trick in the book and still can't get https to work
on my embedded system (I can probably live with -k, but...).
Is it NFS mount? or something else?

clip#1=========================================================================

   curl version: 7.15.5
   Host setup: i386-redhat-linux-gnu
   Install prefix: /tmp/curl
   Compiler: i386-redhat-linux-gcc
   SSL support: enabled (OpenSSL)
   ...............
   ca cert path: ${prefix}/share/curl/curl-ca-bundle.crt

bash-2.05b# ./curl -v https://b2b.adth.com
* About to connect() to b2b.adth.com port 443
* Trying 67.90.130.174... connected
* Connected to b2b.adth.com (67.90.130.174) port 443
* SSL: couldn't set callback!
* successfully set certificate verify locations:
* CAfile: /tmp/curl/share/curl/curl-ca-bundle.crt
   CApath: none
* SSL connection using RC4-MD5
* Server certificate:
* subject: /C=US/ST=Georgia/L=Chamblee/O=Atlanta DTH
Inc./OU=Retail/CN=b2b.adth.com
* start date: 2005-11-30 17:06:49 GMT
* expire date: 2007-12-16 17:16:29 GMT
* common name: b2b.adth.com (matched)
* issuer: /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/emailAddress=premium-server_at_thawte.com
* SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.15.5 (i386-redhat-linux-gnu) libcurl/7.15.5
OpenSSL/0.9.7a
zlib/1.1.4
> Host: b2b.adth.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: Microsoft-IIS/5.0
< Content-Location: https://b2b.adth.com/index.html
< Date: Fri, 13 Oct 2006 00:34:13 GMT
< Content-Type: text/html
< Accept-Ranges: bytes
< Last-Modified: Mon, 22 Nov 2004 21:40:46 GMT
< ETag: "03a7ecdbd0c41:1a19"
< Content-Length: 51
<script>
top.location.href="index.jsp";
Connection #0 to host b2b.adth.com left intact
* Closing connection #0
</script>
bash-2.05b#

clip#2=========================================================================

   curl version: 7.15.5
   Host setup: mipsel-unknown-linux-gnu
   Install prefix: /mnt/curl
   Compiler: mipsel-linux-gcc
   SSL support: enabled (OpenSSL)
   ...............
   ca cert path: ${prefix}/share/curl/curl-ca-bundle.crt

# ./curl -v https://b2b.adth.com
* About to connect() to b2b.adth.com port 443
* Trying 67.90.130.174... connected
* Connected to b2b.adth.com (67.90.130.174) port 443
* successfully set certificate verify locations:
* CAfile: /mnt/curl/share/curl/curl-ca-bundle.crt
   CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS alert, Server hello (2):
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failedMore details here: http://curl.haxx.se/docs/sslcerts.html ...............

Sid
Received on 2006-10-13