cURL / Mailing Lists / curl-users / Single Mail

curl-users

SSL: couldn't set callback!

From: Collins, Alex <Alex.Collins_at_anglia.ac.uk>
Date: Tue, 27 Apr 2010 12:02:13 +0100

Hi Guys.
Solaris 10 (Sparc) / OpenSSL 0.9.8l / Curl 1.20.1
I have had to anonymise server names / paths for security reasons....

curl -v https://<server >:5055/services --cacert /<path to> /ca-bundle.pem
--key /<path to KEY> .pem

* About to connect() to <Server> port 5055 (#0)
* Trying <IP Address> ... connected
* Connected to <Host> (<ip address) port 5055 (#0)
* SSL: couldn't set callback!
* successfully set certificate verify locations:
* CAfile: /<path to> ca-bundle.pem
CApath: none
* error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected
message
* Closing connection #0
curl: (35) error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
unexpected message

# curl -V
curl 7.20.1 (sparc-sun-solaris2.10) libcurl/7.20.1 OpenSSL/0.9.8l zlib/1.2.3
libidn/1.9 libssh2/1.2.4
Protocols: dict file ftp ftps http https imap imaps ldap pop3 pop3s rtsp scp
sftp smtp smtps telnet tftp
Features: IDN IPv6 Largefile NTLM SSL libz

So is it Curl or OpenSSL ?

> openssl s_client -connect <the same host>:5055 -key /<Path to key>.pem
-cert /<path to cert>.pem -CAfile /<path to CA> /ca-bundle.pem
CONNECTED(00000004)
depth=1 /C=GB/ST=XXXXX/L=XXXX/O=XXXX/OU=XXXX/CN=XXXXX AMS Certification
Authority/emailAddress=tech-support_at_XXXXXXXXXXXXXX
verify return:1
depth=0
/C=GB/ST=XXX/L=XXXX/O=XXXX/OU=XXXX/emailAddress=XXXXX_at_XXXXXX/CN=*.XXXXXXXX

<snip the certs etc >

SSL handshake has read 1600 bytes and written 2045 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Session-ID-ctx:
Master-Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Key-Arg : None
Start Time: 1272347229
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
closed
>
So SSL Connects, exchanges keys and it all works....

Ideas and suggestions welcome.

Thanks

-- 
Alex Collins.           	Library Systems and Support Officer.
Rivermead Library.      	Tel: 0845 196 3722
alex.collins@anglia.ac.uk     http://libweb.anglia.ac.uk
This product is printed with 100% recycled electrons ! 
 
-- 
EMERGING EXCELLENCE: In the Research Assessment Exercise (RAE) 2008, more than 30% of our submissions were rated as 'Internationally Excellent' or 'World-leading'. Among the academic disciplines now rated 'World-leading' are Allied Health Professions & Studies; Art & Design; English Language & Literature; Geography & Environmental Studies; History; Music; Psychology; and Social Work & Social Policy & Administration. Visit www.anglia.ac.uk/rae for more information.
This e-mail and any attachments are intended for the above named
recipient(s)only and may be privileged. If they have come to you in
error you must take no action based on them, nor must you copy or show
them to anyone please reply to this e-mail to highlight the error and
then immediately delete the e-mail from your system.
 
Any opinions expressed are solely those of the author and do not
necessarily represent the views or opinions of Anglia Ruskin University.
 
Although measures have been taken to ensure that this e-mail and
attachments are free from any virus we advise that, in keeping with good
computing practice, the recipient should ensure they are actually virus
free.
 
Please note that this message has been sent over public networks which may
not be a 100% secure communications
Email has been scanned for viruses by Altman Technologies' email management service -
www.altman.co.uk/emailsystems
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2010-04-27