curl-users

Re: Curl and SSL DH server

From: MANOJ BANGARU <manojbangaru_at_gmail.com>
Date: Thu, 18 Sep 2008 09:41:52 +0530

Hi,

The following is my curl version and the features it is configured with. I
think all openssl libraries have support for dh type transactions.

Curl may not be programmed to handle DH key exchange where the server
certificate is not sent in the SSL handshake.

Someone needs to implement this feature in Curl.

==================================================================
$ curl -V
curl 7.12.1 (x86_64-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.9.7a zlib/1.2.1.2 libidn/0.5.6
Protocols: ftp gopher telnet dict ldap http file https ftps
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
===================================================================

_MB

On Wed, Sep 17, 2008 at 9:51 PM, Dan Fandrich <dan_at_coneharvesters.com> wrote:

> On Wed, Sep 17, 2008 at 04:26:56PM +0530, MANOJ BANGARU wrote:
> > I have a server where DH parameters are configured instead of a server
> > certificate. When I send an SSL request to that server curl exits saying
> > peer certificate not found.
> >
> > =================================================
> > [atsuser@windu ~]$ curl -k https://10.102.19.171/testsite/file5.html --ciphers ALL
> > curl: (51) SSL: couldn't get peer certificate!
> > [atsuser@windu ~]$ curl -k https://10.102.19.171/testsite/file5.html --ciphers ALL -v
> > * About to connect() to 10.102.19.171 port 443
> > * Trying 10.102.19.171... * connected
> > * Connected to 10.102.19.171 (10.102.19.171) port 443
> > * successfully set certificate verify locations:
> > * CAfile: /usr/share/ssl/certs/ca-bundle.crt
> > CApath: none
> > * SSL connection using ADH-RC4-MD5
> > * SSL: couldn't get peer certificate!
> > * Closing connection #0
> > curl: (51) SSL: couldn't get peer certificate!
> > =================================================
> >
> > Can someone confirm whether or not curl supports and accepts DH parameters
> > instead of server certificate? If Yes, how to do the same?
>
> It sure sounds like it doesn't. What SSL library are you using? If
> supporting DH parameters requires changes to the client application and
> isn't handled purely within the SSL library, then someone will have to
> step up to the plate with code to add to curl to include that support.
>
> >>> Dan
> --
> http://www.MoveAnnouncer.com The web change of address
> service
> Let webmasters know that your web site has moved
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
> FAQ: http://curl.haxx.se/docs/faq.html
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

Received on 2008-09-18
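
The negotiated suite in the verbose output above, ADH-RC4-MD5, is an anonymous Diffie-Hellman suite: the server sends no certificate, so the client has nothing with which to authenticate the peer. The following is an added example, not part of the original thread or of curl: a small Python check that scans curl verbose output of the form shown above and flags anonymous or weak suites. The function names and the sample log are constructed for illustration; the `ADH-` and `AECDH-` prefixes follow OpenSSL's cipher naming.

```python
import re

# Constructed sample in the shape of the verbose output quoted in the thread,
# plus one certificate-authenticated suite for contrast.
SAMPLE_LOG = """\
* About to connect() to 10.102.19.171 port 443
* SSL connection using ADH-RC4-MD5
* SSL: couldn't get peer certificate!
* SSL connection using AES256-SHA
"""

# Matches only the old-style line "* SSL connection using <suite>".
CIPHER_LINE = re.compile(r"^\*\s+SSL connection using (\S+)[ \t]*$", re.M)

# OpenSSL names anonymous DH / ECDH suites with these leading tokens.
ANON_PREFIXES = ("ADH", "AECDH")


def audit_cipher(name):
    """Return a list of findings for one OpenSSL-style suite name."""
    parts = name.upper().split("-")
    findings = []
    if parts[0] in ANON_PREFIXES:
        findings.append("anonymous key exchange: peer is not authenticated")
    if "RC4" in parts:
        findings.append("RC4 bulk cipher is weak")
    if "MD5" in parts:
        findings.append("MD5 MAC is weak")
    return findings


def audit_log(text):
    """Map each negotiated suite found in the log to its findings."""
    return {suite: audit_cipher(suite) for suite in CIPHER_LINE.findall(text)}


if __name__ == "__main__":
    for suite, findings in audit_log(SAMPLE_LOG).items():
        status = "; ".join(findings) if findings else "no findings"
        print(f"{suite}: {status}")
```
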