cURL / Mailing Lists / curl-users / Single Mail

curl-users

https error after cURL update :-(

From: Marc Roy Olsen <marcroy.olsen_at_gmail.com>
Date: Mon, 25 Feb 2008 19:10:43 +0100

Hi List,

I'm am using curl in a small scale to fetch https site's on the
internet, from command line.
This all worked fin until I updated cURL and open ssl on one server,
now it do not work on that server.
The servers is set up like this:
***********************************************************
OS: Gentoo 2.6.23
cURL on the one that works: curl 7.15.1 (i686-pc-linux-gnu) libcurl/
7.15.1 OpenSSL/0.9.7j zlib/1.2.3
cURL on the one that do not: curl 7.17.1 (i686-pc-linux-gnu) libcurl/
7.17.1 OpenSSL/0.9.8g zlib/1.2.3
***********************************************************

This is the command I run:
**********************************************************
curl -kv -3 my_https_site
**********************************************************

And this is the output I get:
Server that works:
**********************************************************
* About to connect() to my_https_site
* Trying my_https_site... connected
* Connected to my_https_site (my_https_site) port 30001
* successfully set certificate verify locations:
* CAfile: /usr/share/curl/curl-ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using DES-CBC3-SHA
* Server certificate:
* subject: /CN=****/serialNumber=25-03-2002-LOCALSERVER-XML-GW/
C=Germany/L=Cologne/ST=NRW/streetAddress=Kaltenbornweg 1-3/
O=eTransaction Services/OU=LocalServer
* start date: 2002-03-25 12:24:59 GMT
* expire date: 2029-08-07 12:24:59 GMT
* common name: **** (does not match 'my_https_site')
* issuer: /CN=Pago/serialNumber=25-03-2002-LOCALSERVER-XML-INTER/
C=Germany/L=Cologne/ST=NRW/streetAddress=Kaltenbornweg 1-3/
O=eTransaction Services/OU=LocalServer
* SSL certificate verify result: error number 1 (19), continuing anyway.
> GET / HTTP/1.1
> User-Agent: curl/7.15.1 (i686-pc-linux-gnu) libcurl/7.15.1 OpenSSL/
0.9.7j zlib/1.2.3
> Host: my_https_site
> Accept: */*
>
< HTTP/1.0 400 Bad Request
* SSLv3, TLS alert, Client hello (1):
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
About to connect() to 1 port 80
* Trying 0.0.0.1... Failed to connect to 0.0.0.1: Invalid argument
* Success
* couldn't connect to host
* Closing connection #0
curl: (7) Failed to connect to 0.0.0.1: Invalid argument
**********************************************************

The server that do not work:
**********************************************************
* About to connect() to my_https_site port 30001 (#0)
* Trying my_https_site... connected
* Connected to twetest.pago.de (my_https_site) port 30001 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Client hello (1):
* Unknown SSL protocol error in connection to my_https_site:30001
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to my_https_site:
30001

**********************************************************

I have tryed to downgrade cURL to 7.15.5 on the server that do not
work, but gets same result :-(
I'm a little confused if this is a openssl error, a certificat on my
part or because the remote host(the https site i pull from) has there
ssl setup wrong.
I know from running the openssl certifikat check(openssl s_client -
connect) that there certificat is wrong(verify error:num=19:self
signed certificate in certificate chain). But get this error on both
serveres.

Does anyone konw what this could be??

If need I can send the debug message from the --trace option.

ANY help is welcome :-)

Marc

  • application/pkcs7-signature attachment: smime.p7s
Received on 2008-02-25