cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: SSL Error connecting to cia.gov

From: Song Ma <songmash_at_gmail.com>
Date: Wed, 24 Oct 2007 16:04:13 +0800

2007/10/24, Jake Goulding <goulding_at_vivisimo.com>:
>
> Thanks! I will take my inquiry to the OpenSSL list.
>
> -Jake

Looks like this does not directly related with OpenSSL neither. I tried
connection from two machines. One is UNIX and the other is Linux. The curl
version is different (7.16.1 and 7.17.1 dev version) and the OpenSSL version
is also different (0.9.7d and 0.9.8f). But the result is same: if you invoke
several connections within a short time, a few will be success and the other
will fail anyway.

Looks like the website has some protection mechanism to not accept every
connection request.

Here is a successful log:
$ curl https://www.cia.gov/about-cia/faqs/ -I -v
* About to connect() to www.cia.gov port 443 (#0)
* Trying 198.81.129.100... connected
* Connected to www.cia.gov (198.81.129.100) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSLv2, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
* subject: /C=US/ST=Virginia/O=CIA/OU=Terms of use at
www.verisign.com/rpa (c)05/CN=www.cia.gov
* start date: 2006-02-08 00:00:00 GMT
* expire date: 2008-02-08 23:59:59 GMT
* common name: www.cia.gov (matched)
* issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign
International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref.
LIABILITY LTD.(c)97 VeriSign
* SSL certificate verify ok.
> HEAD /about-cia/faqs/ HTTP/1.1
> User-Agent: curl/7.17.1-20071013 (i686-pc-linux-gnu)
libcurl/7.17.1-20071013 OpenSSL/0.9.8f zlib/1.2.3 c-ares/1.4.0 libidn/0.6.9
> Host: www.cia.gov
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: Netscape-Enterprise/4.1
Server: Netscape-Enterprise/4.1
< Date: Wed, 24 Oct 2007 08:02:41 GMT
Date: Wed, 24 Oct 2007 08:02:41 GMT
< Content-type: text/html
Content-type: text/html
< Etag: "fddc179a-1-9d02-471ddb09"
Etag: "fddc179a-1-9d02-471ddb09"
< Last-modified: Tue, 23 Oct 2007 11:29:13 GMT
Last-modified: Tue, 23 Oct 2007 11:29:13 GMT
< Content-length: 40194
Content-length: 40194
< Accept-ranges: bytes
Accept-ranges: bytes

<
* Connection #0 to host www.cia.gov left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
Received on 2007-10-24