cURL / Mailing Lists / curl-users / Single Mail

curl-users

The -k/--insecure option seems to be ignored in PERL

From: Tom Loeber <thloeber_at_us.ibm.com>
Date: Mon, 19 Oct 2009 09:11:09 -0400

Hi all - I'm trying to implement a PERL script which use the curl command
line on Windows. The curl invocation from within PERL seems to ignore the
-k / --insecure option when the cook-jar is involved. The same invocation
of curl from the command line prompt executes successfully and I get
cookies from the target url.

When I run code something like this (I've changed the host that I really
use for this sample) I get this error and no cookies
use strict ;
use warnings ;
use FindBin qw($Bin) ;
use lib "$Bin" ;
my ($COOKIES,$curlopts,$url,$HOST,$curl,) ;
$curl = $Bin."/curl/bin/curl.exe" ;
$HOST = "https://mysite.ibm.com:9443/jazz" ; # Not the real site of
course
$COOKIES = "cookies.txt" ;
$url = "/authenticated/identity" ;
$curlopts = "-k -c $COOKIES ".'"'.$HOST.$url'"' ;
unlink $COOKIES ;
system($curl $curlopts) ;

curl: (60) SSL certificate problem, verify that the CA cert is OK.
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
-k -L -b ./cookies.txt -c ./cookies.txt -d j_username=thloeber_at_us.ibm.com
-d j_password=at602f7b "
https://rtpariadne.raleigh.ibm.com:9443/jazz/authenticated/j_security_check
"

curl: (60) SSL certificate problem, verify that the CA cert is OK.
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
Fetching rootservices for https://rtpariadne.raleigh.ibm.com:9443/jazz

curl: (60) SSL certificate problem, verify that the CA cert is OK.
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

But when I run this from the command line all is well and I get cookies
and no warning.
curl.exe -k -c cookies.txt "
https://mysite.ibm.com:9443/jazz/authenticated/identity"

Regards,
Tom Loeber
SWG Strategy and Technology SW Development Tools
Rational Tools Internal Deployment Lead

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-10-19