cURL / Mailing Lists / curl-users / Single Mail

curl-users

FTP over SSL cont.

From: Terrell, Joseph <jterrell_at_rexelusa.com>
Date: Wed, 22 Aug 2007 08:05:31 -0500

Thanks so much for the responses.

I am running into an issue where the remote site enforces SSL and whether or not I bypass SSL with -k it still refuses to allow me to download the file over ftp as I anticipate being able to do with the command I have issued. It does allow me to login and get to the folder where the file resides. The SSL cert is signed as shown below by Verisign and perhaps I am misunderstanding what all is needed for validation there.

It seems as if all parts of the command I am issuing are working with the exception of the ssl verifying. The remote server is an ftp server not a web server so not sure exactly how to grab and embed the cert info into PEM format following the sslcert instructions on the site.

Thanks so much again.
joseph.

Message: 2
Date: Tue, 21 Aug 2007 16:28:25 -0500
From: "Terrell, Joseph" <jterrell_at_rexelusa.com>
Subject: SSL error on curl request
To: "curl-users_at_cool.haxx.se" <curl-users_at_cool.haxx.se>
Message-ID: <C6C7D1F7-F62D-419C-8130-AB5771DF2DBF_at_mimectl>
Content-Type: text/plain; charset="iso-8859-1"

Hi!
I am attempting to ftp over ssl but my ssl auth is getting rejected.
I have grabbed the latest mozilla headers and pointed implicitly to them but there may be another problem.

I am issuing the command line of:
/opt/TWWfsw/bin/curl -v -k --cacert /tmp/cacert.pem --ftp-ssl -u cg153200 -B ftp://ftpst.mytargetsite.com:20021//cg153201/k100.rexel.x340

Does this make sense?

Enter host password for user 'cg153200':
== Info: About to connect() to ftpst.mytargetsite.com port 20021
== Info: Trying 170.135.128.149... == Info: connected
== Info: Connected to ftpst.mytargetsite.com (170.135.128.149) port 20021
<= Recv header, 99 bytes (0x63)
0000: 220 <<<Connect:Enterprise UNIX 2.4.02 Secure FTP>>> at ceweba1u
0040: FTP server ready. Time = 16:20:57
=> Send header, 10 bytes (0xa)
0000: AUTH SSL
<= Recv header, 24 bytes (0x18)
0000: 234 AUTH TLS-P/SSL OK.
== Info: found 94 certificates in /tmp/cacert.pem
== Info: server certificate verification FAILED
== Info: common name: ftpst.usbank.com (matched)
== Info: certificate public key: RSA
== Info: certificate version: #3
== Info: subject: C=US,ST=Minnesota,L=St. Paul,O=U.S. Bank,OU=Data_Distribution_Services_ceweba1u_SSL,OU=Terms of use at www.verisign.com/rpa (c)05,CN=ftpst.usbank.com
== Info: start date: Mon, 08 May 2006 00:00:00 GMT
== Info: expire date: Thu, 07 May 2009 23:59:59 GMT
== Info: issuer: O=VeriSign Trust Network,OU=VeriSign\, Inc.,OU=VeriSign International Server CA - Class 3,OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
== Info: compression: NULL
== Info: cipher: 3DES 168 CBC
== Info: MAC: SHA
=> Send header, 15 bytes (0xf)
0000: USER cg153200
<= Recv header, 37 bytes (0x25)
0000: 331 Password required for cg153200.
=> Send header, 15 bytes (0xf)
0000: PASS ********** <= Recv header, 66 bytes (0x42)
0000: 230 Connect:Enterprise UNIX login ok, access restrictions apply.
=> Send header, 8 bytes (0x8)
0000: PBSZ 0
<= Recv header, 16 bytes (0x10)
0000: 200 PBSZ 0 OK.
=> Send header, 8 bytes (0x8)
0000: PROT P
<= Recv header, 46 bytes (0x2e)
0000: 200 PROT P OK, data channel will be secured.
=> Send header, 5 bytes (0x5)
0000: PWD
<= Recv header, 39 bytes (0x27)
0000: 257 "/cg153200" is current directory.
== Info: Entry path is '/cg153200'
=> Send header, 15 bytes (0xf)
0000: CWD /cg153201
<= Recv header, 29 bytes (0x1d)
0000: 250 CWD command successful.
=> Send header, 6 bytes (0x6)
0000: EPSV
== Info: Connect data stream passively
<= Recv header, 37 bytes (0x25)
0000: 500 'EPSV': command not understood.
== Info: disabling EPSV usage
=> Send header, 6 bytes (0x6)
0000: PASV
<= Recv header, 51 bytes (0x33)
0000: 227 Entering Passive Mode (170,135,128,149,82,10)
== Info: Trying 170.135.128.149... == Info: connected
== Info: Connecting to 170.135.128.149 (170.135.128.149) port 21002
=> Send header, 8 bytes (0x8)
0000: TYPE A
<= Recv header, 20 bytes (0x14)
0000: 200 Type set to A.
=> Send header, 22 bytes (0x16)
0000: SIZE k100.rexel.x340
<= Recv header, 69 bytes (0x45)
0000: 550 Operation is not supported under Connect:Enterprise FTP serv
0040: er.
=> Send header, 22 bytes (0x16)
0000: RETR k100.rexel.x340
<= Recv header, 61 bytes (0x3d)
0000: 150 Opening ASCII mode data connection for k100.rexel.x340.
== Info: Doing the SSL/TLS handshake on the data stream
== Info: found 94 certificates in /tmp/cacert.pem
== Info: SSL re-using session ID
== Info: server certificate verification FAILED
== Info: common name: ftpst.mytargetsite.com (matched)
== Info: certificate public key: RSA
== Info: certificate version: #3
== Info: subject: C=US,ST=Minnesota,L=St. Paul,O=U.S. Bank,OU=Data_Distribution_Services_ceweba1u_SSL,OU=Terms of use at www.verisign.com/rpa (c)05,CN=ftpst.mytargetsite.com
== Info: start date: Mon, 08 May 2006 00:00:00 GMT
== Info: expire date: Thu, 07 May 2009 23:59:59 GMT
== Info: issuer: O=VeriSign Trust Network,OU=VeriSign\, Inc.,OU=VeriSign International Server CA - Class 3,OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
== Info: compression: NULL
== Info: cipher: 3DES 168 CBC
== Info: MAC: SHA
== Info: Getting file with size: -1
<= Recv data, 1932 bytes (0x78c)
0000: -----BEGIN PGP MESSAGE-----
001d: Version: GnuPG v1.0.7 (GNU/Linux)
0040:
0042: hQIOA+fepstMZq3sEAf9GTYbCojzrDWqtzNDVWHMDY0yXsPm3r8/sXtrj3yoXC5U
0084: 7L1xRmN2wTz7SZK5selVMFR2qw40qato30ojg4ltkwwEmMWJuqvsPkJsE2xX2s+1
00c6: OIMoRHq8vl90Uy+ogMqV2omUe7hGEwVfe9kZBWan3g5ZkBR7sN7RgApsTIsdRCqm
0108: iJxr2lASJ3YlM0ahruQX25CKkTQ2wnPqzU8GdO/iFam85ny2c9VgehBa4xmzu78d
014a: Sd4jnSWOXMFKR0AtKz83SQdjIZqEz4O+mOFMkuxghloFzHWcp7bidK7NzQFq9iVt
018c: NzK8WrMmiANOUpvszm1pr4+NGQMujw89cbToV8jvNQf/YeeafRVckCEY0q9UeIBl
01ce: cw8T7h4zh8vWjs8c6mTlr9+Q+TyDRxXRQTCl2q0wBy353hO++i/Q9V1WN75Sie2H
0210: Uh65zCAKzT1KjxiLPoK0UMMUhGUCnyjFbabG5+4gfhYeUh5KHbHdzttgBrZRhknb
0252: R9Rzx7T5bmgfZybmOYj9Ag+y/lcYkCk+gClvFEVIDfic0oLmhvlmvHYpoleR6nCu
0294: ryVtRl6cvQyHqycQXuTnUgKA9XWnQ7ahc3xEw+d6F1Bh9VmvkHUPjoIcz8jIjvT1
02d6: COlJz55a5pxwFie8Shxoz8evnYkQYL0QsirhOUdw7FquoVF14Vb954Mxn4zhisXu
0318: tsnps+ylcKKJx+1fY1e/1uYTeSFTbDMRbXeoG8a+KeepWGdS6Z5V5CvLvRN72ApH
035a: vDG/+GGZ7TLVUz6q8dBSK/CMGJQnlpYVgjbBScja+YNUsxJe+zDobJV/CqTewYCO
039c: 7FXYCinzijwzQnxCSC0QU/08HBX5pC+bV+qkJAPwZCK71kn/lgb/bJ/O/a2vBfzs
03de: OWtZBsMRWwgvjhgTZcEl6tewddzJ0ROBRjme4Rw2Y3o/xCh/VwQm5JuE8HC1BJoi
0420: uZij2kKmkvot3pmQn9RO7cnKgqCFmIjOToBsu0vqryhDs7hGA3Ia3nGXQAwSA5Si
0462: vGbyN42VLiLlTEiEtCTaK2PvqCQkrD3Fb1mbCVJpMiHO71etBU/ynEWTtpJ1Rfg/
04a4: 6o68s+mLqxp0Eh7Y/3ioGR9u4keA0sEg9acagf9n0QHO7QuYUDUjaGKbPcUMPJsz
04e6: fCInVQK4lNnXStoJp96iXi681gQ1Bnp4yLQNTKpkEMR7Lpp7RA1MacoxvWtn5A1G
0528: AUx+878iiFe7BM9wa54rI4KvL0afYmYH8olLOnV6uLQzaNHEpxYWDoFQnhE/qLXJ
056a: M6QqN9ISWZgHu10f9l2Q9kv6fc5ALkycNq5U54xdRP8zet2lfTbPDB/SsBJMcyXw
05ac: 69NCt6qAj449xefcnDjeJZCuJueZcxJFnlc5/noDtpTHqD3AX/9JG2p8T07F3LiM
05ee: UHDiXLm6g8PyCXGrgg0UfMvC7cWTq9HWuIYU6/sU2r+iEPVT6/yzYql5ej9XJEz5
0630: U0IrifndY2JU8Bxcy7737AFGfoJWvZmNuFkKtVpUrT0eRudVCfxAWAvENLzza+Ai
0672: TSAYYs/EWOQko9Sb4SnFvk2GJGbjjnndXVJkC0Y3JkUgKaNgbjsfODUfcP3Xiyzf
06b4: mZMyOlhI3WcvGm8dH8jxL8BvtJa1FXiNSYQCcaa893h/oWRTC4FoAld86PYB9PL4
06f6: Z9HVl4uEUB+SGeYdJnZ8AzZLpiB6OINQc4BPCrjgeD9J4ZyrbgcLzBiKumnJ4f6a
0738: xtTDIaP0xxgP0Q03RTtdxF35gOW1GdVakzbJ0M2cy/ieYMRA
076a: =6JYY
0771: -----END PGP MESSAGE-----

TIA,

Joseph H. Terrell

jterrell_at_RexelUSA.com
Unix Systems Admin
RexelUSA
6606 LBJ Freeway
Dallas TX, 75240
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cool.haxx.se/pipermail/curl-users/attachments/20070821/d1e04e80/attachment-0001.htm

Joseph H. Terrell

jterrell_at_RexelUSA.com
Unix Systems Admin
RexelUSA
6606 LBJ Freeway
Dallas TX, 75240

From: curl-users-request_at_cool.haxx.se
Sent: Wed 8/22/2007 5:00
To: curl-users_at_cool.haxx.se
Subject: curl-users Digest, Vol 24, Issue 21

Send curl-users mailing list submissions to
        curl-users_at_cool.haxx.se

To subscribe or unsubscribe via the World Wide Web, visit
        http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
or, via email, send a message with subject or body 'help' to
        curl-users-request_at_cool.haxx.se

You can reach the person managing the list at
        curl-users-owner_at_cool.haxx.se

When replying, please edit your Subject line so it is more specific
than "Re: Contents of curl-users digest..."

Today's Topics:

   1. RE: FTPS transmission requirements (Floyd, Margaret)
   2. SSL error on curl request (Terrell, Joseph)
   3. Re: SSL error on curl request (Daniel Stenberg)
   4. Re: SSL error on curl request (Dan Fandrich)

----------------------------------------------------------------------

Message: 1
Date: Tue, 21 Aug 2007 08:51:49 -0400
From: "Floyd, Margaret" <FloydM_at_NifcoAM.com>
Subject: RE: FTPS transmission requirements
To: "the curl tool" <curl-users_at_cool.haxx.se>
Message-ID:
        <A7A7C0803C2A9B40AC1B087B3DAAF6A402FF4B96_at_srv-corp-ex01.nifcoam.local>
Content-Type: text/plain; charset="US-ASCII"

Thanks so much. The reply is very helpful.
On Number 3 from what I understand, on the first transmission (or maybe
during some setup step) the bank will send the certificate, and I guess
I will need to store it on my server, so it can be used in subsequent
transmissions. I have asked them for more information on how this will
work, but I guess I will have to wait until I get it.
On number 6, I am also unsure, but I will try your suggestion

Thanks again
Margaret

-----Original Message-----
From: curl-users-bounces_at_cool.haxx.se
[mailto:curl-users-bounces_at_cool.haxx.se] On Behalf Of Daniel Stenberg
Sent: Monday, August 20, 2007 5:06 PM
To: the curl tool
Subject: Re: FTPS transmission requirements

On Mon, 20 Aug 2007, Floyd, Margaret wrote:

> 1. It must support Explicit FTPS

check

> 2. It must start the encryption with the AUTH TLS command.

check, at least if you use libcurl. curl currently has no option to
alter
which of the SSL and TLS AUTH options it tries first.

> 3. It must support the presentation of a X.509 digital certificate

The presentation? I'm not sure what you want here so I'm not sure.

> 4. Must support SSLv3 or higher

check

5. Must support passive transmission

check (not that the actual transmission is passive but I think I know
what
you meant - it is the connection behaviour that is called "passive")

> 6. Must support address substitution for passive transmissions

address substitution how?

> Does Curl meet all of these requirements?
>
> If so, how do I get to do 2 and particularly 6.

#2 --ftp-ssl-reqd and could #6 possibly be --ftp-skip-pasv-ip ?

-- 
  Commercial curl and libcurl Technical Support:
http://haxx.se/curl.html
------------------------------
Message: 2
Date: Tue, 21 Aug 2007 16:28:25 -0500
From: "Terrell, Joseph" <jterrell_at_rexelusa.com>
Subject: SSL error on curl request
To: "curl-users_at_cool.haxx.se" <curl-users_at_cool.haxx.se>
Message-ID: <C6C7D1F7-F62D-419C-8130-AB5771DF2DBF_at_mimectl>
Content-Type: text/plain; charset="iso-8859-1"
Hi!
I am attempting to ftp over ssl but my ssl auth is getting rejected. 
I have grabbed the latest mozilla headers and pointed implicitly to them but there may be another problem. 
I am issuing the command line of: 
/opt/TWWfsw/bin/curl -v -k --cacert /tmp/cacert.pem --ftp-ssl -u cg153200 -B ftp://ftpst.mytargetsite.com:20021//cg153201/k100.rexel.x340
Does this make sense? 
Enter host password for user 'cg153200':
== Info: About to connect() to ftpst.mytargetsite.com port 20021
== Info:   Trying 170.135.128.149... == Info: connected
== Info: Connected to ftpst.mytargetsite.com (170.135.128.149) port 20021
<= Recv header, 99 bytes (0x63)
0000: 220 <<<Connect:Enterprise UNIX 2.4.02 Secure FTP>>> at ceweba1u
0040: FTP server ready. Time = 16:20:57
=> Send header, 10 bytes (0xa)
0000: AUTH SSL
<= Recv header, 24 bytes (0x18)
0000: 234 AUTH TLS-P/SSL OK.
== Info: found 94 certificates in /tmp/cacert.pem
== Info:         server certificate verification FAILED
== Info:         common name: ftpst.usbank.com (matched)
== Info:         certificate public key: RSA
== Info:         certificate version: #3
== Info:         subject: C=US,ST=Minnesota,L=St. Paul,O=U.S. Bank,OU=Data_Distribution_Services_ceweba1u_SSL,OU=Terms of use at www.verisign.com/rpa (c)05,CN=ftpst.usbank.com
== Info:         start date: Mon, 08 May 2006 00:00:00 GMT
== Info:         expire date: Thu, 07 May 2009 23:59:59 GMT
== Info:         issuer: O=VeriSign Trust Network,OU=VeriSign\, Inc.,OU=VeriSign International Server CA - Class 3,OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
== Info:         compression: NULL
== Info:         cipher: 3DES 168 CBC
== Info:         MAC: SHA
=> Send header, 15 bytes (0xf)
0000: USER cg153200
<= Recv header, 37 bytes (0x25)
0000: 331 Password required for cg153200.
=> Send header, 15 bytes (0xf)
0000: PASS ********** <= Recv header, 66 bytes (0x42)
0000: 230 Connect:Enterprise UNIX login ok, access restrictions apply.
=> Send header, 8 bytes (0x8)
0000: PBSZ 0
<= Recv header, 16 bytes (0x10)
0000: 200 PBSZ 0 OK.
=> Send header, 8 bytes (0x8)
0000: PROT P
<= Recv header, 46 bytes (0x2e)
0000: 200 PROT P OK, data channel will be secured.
=> Send header, 5 bytes (0x5)
0000: PWD
<= Recv header, 39 bytes (0x27)
0000: 257 "/cg153200" is current directory.
== Info: Entry path is '/cg153200'
=> Send header, 15 bytes (0xf)
0000: CWD /cg153201
<= Recv header, 29 bytes (0x1d)
0000: 250 CWD command successful.
=> Send header, 6 bytes (0x6)
0000: EPSV
== Info: Connect data stream passively
<= Recv header, 37 bytes (0x25)
0000: 500 'EPSV': command not understood.
== Info: disabling EPSV usage
=> Send header, 6 bytes (0x6)
0000: PASV
<= Recv header, 51 bytes (0x33)
0000: 227 Entering Passive Mode (170,135,128,149,82,10)
== Info:   Trying 170.135.128.149... == Info: connected
== Info: Connecting to 170.135.128.149 (170.135.128.149) port 21002
=> Send header, 8 bytes (0x8)
0000: TYPE A
<= Recv header, 20 bytes (0x14)
0000: 200 Type set to A.
=> Send header, 22 bytes (0x16)
0000: SIZE k100.rexel.x340
<= Recv header, 69 bytes (0x45)
0000: 550 Operation is not supported under Connect:Enterprise FTP serv
0040: er.
=> Send header, 22 bytes (0x16)
0000: RETR k100.rexel.x340
<= Recv header, 61 bytes (0x3d)
0000: 150 Opening ASCII mode data connection for k100.rexel.x340.
== Info: Doing the SSL/TLS handshake on the data stream
== Info: found 94 certificates in /tmp/cacert.pem
== Info: SSL re-using session ID
== Info:         server certificate verification FAILED
== Info:         common name: ftpst.mytargetsite.com (matched)
== Info:         certificate public key: RSA
== Info:         certificate version: #3
== Info:         subject: C=US,ST=Minnesota,L=St. Paul,O=U.S. Bank,OU=Data_Distribution_Services_ceweba1u_SSL,OU=Terms of use at www.verisign.com/rpa (c)05,CN=ftpst.mytargetsite.com
== Info:         start date: Mon, 08 May 2006 00:00:00 GMT
== Info:         expire date: Thu, 07 May 2009 23:59:59 GMT
== Info:         issuer: O=VeriSign Trust Network,OU=VeriSign\, Inc.,OU=VeriSign International Server CA - Class 3,OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
== Info:         compression: NULL
== Info:         cipher: 3DES 168 CBC
== Info:         MAC: SHA
== Info: Getting file with size: -1
<= Recv data, 1932 bytes (0x78c)
0000: -----BEGIN PGP MESSAGE-----
001d: Version: GnuPG v1.0.7 (GNU/Linux)
0040:
0042: hQIOA+fepstMZq3sEAf9GTYbCojzrDWqtzNDVWHMDY0yXsPm3r8/sXtrj3yoXC5U
0084: 7L1xRmN2wTz7SZK5selVMFR2qw40qato30ojg4ltkwwEmMWJuqvsPkJsE2xX2s+1
00c6: OIMoRHq8vl90Uy+ogMqV2omUe7hGEwVfe9kZBWan3g5ZkBR7sN7RgApsTIsdRCqm
0108: iJxr2lASJ3YlM0ahruQX25CKkTQ2wnPqzU8GdO/iFam85ny2c9VgehBa4xmzu78d
014a: Sd4jnSWOXMFKR0AtKz83SQdjIZqEz4O+mOFMkuxghloFzHWcp7bidK7NzQFq9iVt
018c: NzK8WrMmiANOUpvszm1pr4+NGQMujw89cbToV8jvNQf/YeeafRVckCEY0q9UeIBl
01ce: cw8T7h4zh8vWjs8c6mTlr9+Q+TyDRxXRQTCl2q0wBy353hO++i/Q9V1WN75Sie2H
0210: Uh65zCAKzT1KjxiLPoK0UMMUhGUCnyjFbabG5+4gfhYeUh5KHbHdzttgBrZRhknb
0252: R9Rzx7T5bmgfZybmOYj9Ag+y/lcYkCk+gClvFEVIDfic0oLmhvlmvHYpoleR6nCu
0294: ryVtRl6cvQyHqycQXuTnUgKA9XWnQ7ahc3xEw+d6F1Bh9VmvkHUPjoIcz8jIjvT1
02d6: COlJz55a5pxwFie8Shxoz8evnYkQYL0QsirhOUdw7FquoVF14Vb954Mxn4zhisXu
0318: tsnps+ylcKKJx+1fY1e/1uYTeSFTbDMRbXeoG8a+KeepWGdS6Z5V5CvLvRN72ApH
035a: vDG/+GGZ7TLVUz6q8dBSK/CMGJQnlpYVgjbBScja+YNUsxJe+zDobJV/CqTewYCO
039c: 7FXYCinzijwzQnxCSC0QU/08HBX5pC+bV+qkJAPwZCK71kn/lgb/bJ/O/a2vBfzs
03de: OWtZBsMRWwgvjhgTZcEl6tewddzJ0ROBRjme4Rw2Y3o/xCh/VwQm5JuE8HC1BJoi
0420: uZij2kKmkvot3pmQn9RO7cnKgqCFmIjOToBsu0vqryhDs7hGA3Ia3nGXQAwSA5Si
0462: vGbyN42VLiLlTEiEtCTaK2PvqCQkrD3Fb1mbCVJpMiHO71etBU/ynEWTtpJ1Rfg/
04a4: 6o68s+mLqxp0Eh7Y/3ioGR9u4keA0sEg9acagf9n0QHO7QuYUDUjaGKbPcUMPJsz
04e6: fCInVQK4lNnXStoJp96iXi681gQ1Bnp4yLQNTKpkEMR7Lpp7RA1MacoxvWtn5A1G
0528: AUx+878iiFe7BM9wa54rI4KvL0afYmYH8olLOnV6uLQzaNHEpxYWDoFQnhE/qLXJ
056a: M6QqN9ISWZgHu10f9l2Q9kv6fc5ALkycNq5U54xdRP8zet2lfTbPDB/SsBJMcyXw
05ac: 69NCt6qAj449xefcnDjeJZCuJueZcxJFnlc5/noDtpTHqD3AX/9JG2p8T07F3LiM
05ee: UHDiXLm6g8PyCXGrgg0UfMvC7cWTq9HWuIYU6/sU2r+iEPVT6/yzYql5ej9XJEz5
0630: U0IrifndY2JU8Bxcy7737AFGfoJWvZmNuFkKtVpUrT0eRudVCfxAWAvENLzza+Ai
0672: TSAYYs/EWOQko9Sb4SnFvk2GJGbjjnndXVJkC0Y3JkUgKaNgbjsfODUfcP3Xiyzf
06b4: mZMyOlhI3WcvGm8dH8jxL8BvtJa1FXiNSYQCcaa893h/oWRTC4FoAld86PYB9PL4
06f6: Z9HVl4uEUB+SGeYdJnZ8AzZLpiB6OINQc4BPCrjgeD9J4ZyrbgcLzBiKumnJ4f6a
0738: xtTDIaP0xxgP0Q03RTtdxF35gOW1GdVakzbJ0M2cy/ieYMRA
076a: =6JYY
0771: -----END PGP MESSAGE-----
TIA,
Joseph H. Terrell
jterrell_at_RexelUSA.com
Unix Systems Admin
RexelUSA
6606 LBJ Freeway
Dallas TX, 75240
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cool.haxx.se/pipermail/curl-users/attachments/20070821/d1e04e80/attachment-0001.htm 
------------------------------
Message: 3
Date: Tue, 21 Aug 2007 23:41:21 +0200 (CEST)
From: Daniel Stenberg <daniel_at_haxx.se>
Subject: Re: SSL error on curl request
To: the curl tool <curl-users_at_cool.haxx.se>
Message-ID: <Pine.LNX.4.64.0708212336240.11652_at_yvahk3.pbagnpgbe.fr>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Tue, 21 Aug 2007, Terrell, Joseph wrote:
> I am attempting to ftp over ssl but my ssl auth is getting rejected.
No, it's not your ssl auth that is rejected. It is curl that fails to verify 
the remote server's certificate.
> I have grabbed the latest mozilla headers and pointed implicitly to them but 
> there may be another problem.
The mozilla ca cert bundle you mean... Are you sure that bundle is capable of 
verifying this cert?
> /opt/TWWfsw/bin/curl -v -k --cacert /tmp/cacert.pem --ftp-ssl -u cg153200 -B 
> ftp://ftpst.mytargetsite.com:20021//cg153201/k100.rexel.x340
>
> Does this make sense?
Not completely, since -k disables the peer cert verification so if you use -k 
you won't need --cacert, and vice versa.
-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
------------------------------
Message: 4
Date: Tue, 21 Aug 2007 14:51:43 -0700
From: Dan Fandrich <dan_at_coneharvesters.com>
Subject: Re: SSL error on curl request
To: curl-users_at_cool.haxx.se
Message-ID: <20070821215142.GA2134_at_coneharvesters.com>
Content-Type: text/plain; charset=us-ascii
On Tue, Aug 21, 2007 at 04:28:25PM -0500, Terrell, Joseph wrote:
> I am attempting to ftp over ssl but my ssl auth is getting rejected.
The log you posted shows everything working correctly. What do you think
is being rejected?
> I have grabbed the latest mozilla headers and pointed implicitly to them but
> there may be another problem.
What does Mozilla have to do with this?
>>> Dan
-- 
http://www.MoveAnnouncer.com              The web change of address service
          Let webmasters know that your web site has moved
------------------------------
_______________________________________________
curl-users mailing list
curl-users_at_cool.haxx.se
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
End of curl-users Digest, Vol 24, Issue 21
******************************************
Received on 2007-08-22