curl-users

Re: Problem with curl + nss

From: <autrelandes-curl_at_yahoo.fr>
Date: Fri, 9 Jul 2010 21:00:09 +0000 (GMT)

--- On Fri 9.7.10, Dan Fandrich <dan_at_coneharvesters.com> wrote:
> Try running this with the -v option and post those results
> to the list.
Thanks for the reply.

Here it is:
$ curl -v --netrc --list-only --ftp-ssl-reqd \
        --cacert ~/PKILOCAL/cacert.pem \
        --cert ~/PKILOCAL/cert.pem:motdepasse --key ~/PKILOCAL/priv.key \
        ftp://localhost/
* About to connect() to localhost port 21 (#0)
* Trying ::1... Connexion refusée
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 21 (#0)
< 220 (vsFTPd 2.2.2)
> AUTH SSL
< 234 Proceed with negotiation.
* Initializing NSS with certpath: /home/eric/nssdblocal
* CAfile: /home/eric/PKILOCAL/cacert.pem
  CApath: none
* Unable to load client key -8178.
* Closing connection #0
curl: (58) Unable to load client key -8178.

And also an extract of what strace gives, before the failure:
$ strace curl -v --netrc --list-only --ftp-ssl-reqd \
        --cacert ~/PKILOCAL/cacert.pem \
        --cert ~/PKILOCAL/cert.pem:motdepasse --key ~/PKILOCAL/priv.key \
        ftp://localhost/
[...]
open("/home/eric/PKILOCAL/cert.pem", O_RDONLY|O_LARGEFILE) = 7
fstat64(7, {st_mode=S_IFREG|0664, st_size=1436, ...}) = 0
read(7, "-----BEGIN CERTIFICATE-----\nMIID"..., 1436) = 1436
close(7) = 0
gettimeofday({1278708665, 99615}, NULL) = 0
gettimeofday({1278708665, 99907}, NULL) = 0
gettimeofday({1278708665, 100083}, NULL) = 0
gettimeofday({1278708665, 100485}, NULL) = 0
gettimeofday({1278708665, 100675}, NULL) = 0
gettimeofday({1278708665, 100898}, NULL) = 0
gettimeofday({1278708665, 101090}, NULL) = 0
gettimeofday({1278708665, 102865}, NULL) = 0
gettimeofday({1278708665, 103111}, NULL) = 0
gettimeofday({1278708665, 103320}, NULL) = 0
gettimeofday({1278708665, 103542}, NULL) = 0
gettimeofday({1278708665, 103795}, NULL) = 0
gettimeofday({1278708665, 104018}, NULL) = 0
gettimeofday({1278708665, 104235}, NULL) = 0
gettimeofday({1278708665, 104453}, NULL) = 0
gettimeofday({1278708665, 105161}, NULL) = 0
gettimeofday({1278708665, 105334}, NULL) = 0
open("/home/eric/PKILOCAL/priv.key", O_RDONLY|O_LARGEFILE) = 7
fstat64(7, {st_mode=S_IFREG|0664, st_size=1834, ...}) = 0
read(7, "-----BEGIN ENCRYPTED PRIVATE KEY"..., 1834) = 1834
close(7) = 0
write(2, "*", 1*) = 1
write(2, " ", 1 ) = 1
write(2, "Unable to load client key -8178."..., 33Unable to load client key -8178.
[...]

http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.htm says that -8178 is "Peer's public key is invalid" (SEC_ERROR_BAD_KEY), but this certificate and key work with openssl.

      

Received on 2010-07-09
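
A pre-flight check for a client key file, added here as an example and not part of the original message: it reports which PEM container the file uses (the strace extract shows the `BEGIN ENCRYPTED PRIVATE KEY` label, which is encrypted PKCS#8) and whether the file mode is wider than owner-only (the extract shows 0664). Function names are hypothetical and the sample file is constructed; the check says nothing about which containers a given TLS backend accepts.

```shell
#!/bin/sh
# Added example (not from the original mail); function names are hypothetical.

# Print the container kind from the first PEM "BEGIN" label in the file.
pem_key_kind() {
    label=$(sed -n '/^-----BEGIN .*-----/{s/^-----BEGIN \(.*\)-----.*$/\1/p;q;}' "$1")
    case "$label" in
        "ENCRYPTED PRIVATE KEY") echo "pkcs8-encrypted" ;;
        "PRIVATE KEY")           echo "pkcs8-plain" ;;
        "RSA PRIVATE KEY"|"EC PRIVATE KEY"|"DSA PRIVATE KEY")
            # Traditional OpenSSL format marks encryption with a header line.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
                echo "traditional-encrypted"
            else
                echo "traditional-plain"
            fi ;;
        "CERTIFICATE")           echo "certificate-not-a-key" ;;
        "")                      echo "not-pem" ;;
        *)                       echo "unknown:$label" ;;
    esac
}

# Succeed only if group and other have no access at all (e.g. 0600, 0400).
# Columns 5-10 of the ls mode string are the group and other permission bits.
key_mode_owner_only() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Report both findings for one key file.
check_client_key() {
    echo "$1: container=$(pem_key_kind "$1")"
    key_mode_owner_only "$1" || echo "$1: accessible beyond the owner"
}

# Constructed sample: same PEM label and mode as the strace extract, no real key.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'AAAA' \
    '-----END ENCRYPTED PRIVATE KEY-----' > "$demo_dir/priv.key"
chmod 0664 "$demo_dir/priv.key"
check_client_key "$demo_dir/priv.key"
```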