curl-users
curl: (52) Empty reply from server
Date: Tue, 23 Nov 2010 17:34:33 +0000
I am trying to access an SSL-enabled website using a client certificate.
You can find the testing keys and certificates attached. The password for
the testing certificate is "test", as you can see from the screen output
below. The testing portal URL is
("https://itv.mit-xperts.com/clientssl/check/").
I am working on two different platforms, STLinux and Ubuntu. STLinux
fails with an empty reply from the server. The same behaviour can be observed
from libcurl (STLinux) also. Here you can see the version information and
outputs of both platforms:
Ubuntu Curl Version information and command verbose
-------------------------------------------------------------------
caner_at_marge:~/Documents/official/certificates$ curl --version
curl 7.19.5 (i486-pc-linux-gnu) libcurl/7.19.5 OpenSSL/0.9.8g
zlib/1.2.3.3 libidn/1.15
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
caner_at_marge:~/Documents/official/certificates$ curl -v
--cert ./test/1330221600crt.pem:test --key ./test/1330221600key.pem
--cacert ./cacert.pem https://itv.mit-xperts.com/clientssl/check/
* About to connect() to itv.mit-xperts.com port 443 (#0)
* Trying 62.75.156.130... connected
* Connected to itv.mit-xperts.com (62.75.156.130) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: ./cacert.pem
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: O=itv.mit-xperts.com, OU=Domain Control Validated,
CN=itv.mit-xperts.com
* start date: 2010-08-17 17:36:14 GMT
* expire date: 2011-09-12 11:38:10 GMT
* subjectAltName: itv.mit-xperts.com matched
* issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc.,
OU=http://certificates.godaddy.com/repository, CN=Go Daddy Secure
Certification Authority, serialNumber=07969287
* SSL certificate verify ok.
> GET /clientssl/check/ HTTP/1.1
> User-Agent: curl/7.19.5 (i486-pc-linux-gnu) libcurl/7.19.5
OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.15
> Host: itv.mit-xperts.com
> Accept: */*
>
* SSLv3, TLS handshake, Hello request (0):
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS handshake, CERT verify (15):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
< HTTP/1.1 200 OK
< Date: Tue, 23 Nov 2010 17:15:24 GMT
< Server: Apache/2.2.3 (CentOS)
< X-Powered-By: PHP/5.1.6
< Content-Length: 162
< Connection: close
< Content-Type: text/plain;charset=UTF-8
<
Client Certificate Authentication succeeded:
Client
DN: /C=DE/ST=Bavaria/L=Munich/O=MIT-xperts/OU=Test/CN=testbox.mit-xperts.com/emailAddress=info_at_mit-xperts.com
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
caner_at_marge:~/Documents/official/certificates$
STLinux curl version information and curl verbose:
--------------------------------------------------
root_at_idl5k:/home/app/mantra/runtime# curl --version
curl 7.20.0 (sh4-unknown-linux-gnu) libcurl/7.20.0 OpenSSL/0.9.8k
zlib/1.2.3
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s rtsp smtp
smtps telnet tftp
Features: Largefile NTLM SSL libz
root_at_idl5k:/home/app/mantra/runtime# curl -v --cert
1330221600crt.pem:test --key 1330221600key.pem --cacert ./cacert.pem
https://itv.mit-xperts.com/clientssl/check/
* About to connect() to itv.mit-xperts.com port 443 (#0)
* Trying 62.75.156.130... connected
* Connected to itv.mit-xperts.com (62.75.156.130) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: ./cacert.pem
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: O=itv.mit-xperts.com; OU=Domain Control Validated;
CN=itv.mit-xperts.com
* start date: 2010-08-17 17:36:14 GMT
* expire date: 2011-09-12 11:38:10 GMT
* subjectAltName: itv.mit-xperts.com matched
* issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.;
OU=http://certificates.godaddy.com/repository; CN=Go Daddy Secure
Certification Authority; serialNumber=07969287
* SSL certificate verify ok.
> GET /clientssl/check/ HTTP/1.1
> User-Agent: curl/7.20.0 (sh4-unknown-linux-gnu) libcurl/7.20.0
OpenSSL/0.9.8k zlib/1.2.3
> Host: itv.mit-xperts.com
> Accept: */*
>
* SSLv3, TLS alert, Server hello (2):
* Empty reply from server
* Connection #0 to host itv.mit-xperts.com left intact
curl: (52) Empty reply from server
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
Do you have any idea what the problem could be?
-- Caner Altinbasak <caner.altinbasak_at_inverto.tv> Inverto Digital Labs
- application/x-x509-ca-cert attachment: 1330221600key.pem
- application/x-x509-ca-cert attachment: 1330221600crt.pem
- application/x-x509-ca-cert attachment: cacert.pem
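
The two traces above diverge right after the GET: the Ubuntu client receives a Hello request and completes a second handshake that includes Request CERT and CERT verify, while the STLinux client receives a TLS alert. As an added example (not part of the original post), this Python script pulls that divergence out of `curl -v` output; the trace strings are trimmed excerpts of the post's own output, and the function names and result labels are hypothetical.

```python
import re

# curl -v logs one line per TLS record: "* SSLv3, TLS <record>, <name> (<n>):".
# <n> is the record's first byte: the message type for handshake records, the
# alert level (1 = warning, 2 = fatal) for alerts, where <name> is not meaningful.
TLS_LINE = re.compile(r"^\* SSLv3, TLS (handshake|change cipher|alert), .* \((\d+)\):$")
# Excerpts of the two traces in the post, trimmed to the lines around the request.
UBUNTU = """\
* SSLv3, TLS handshake, Finished (20):
> GET /clientssl/check/ HTTP/1.1
>
* SSLv3, TLS handshake, Hello request (0):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, CERT verify (15):
* SSLv3, TLS handshake, Finished (20):
< HTTP/1.1 200 OK
* SSLv3, TLS alert, Client hello (1):
"""
STLINUX = """\
* SSLv3, TLS handshake, Finished (20):
> GET /clientssl/check/ HTTP/1.1
>
* SSLv3, TLS alert, Server hello (2):
* Empty reply from server
"""

def records_after_request(trace):
    """Return (record, n) pairs logged after the first '> ' request line."""
    sent, out = False, []
    for line in trace.splitlines():
        sent = sent or line.startswith("> ")
        m = TLS_LINE.match(line.strip())
        if sent and m:
            out.append((m.group(1), int(m.group(2))))
    return out

def classify(trace):
    recs = records_after_request(trace)
    handshake = {n for rec, n in recs if rec == "handshake"}
    if {0, 13, 15} <= handshake:  # Hello request, Request CERT, CERT verify
        return "renegotiated with client certificate"
    if recs and recs[0] == ("alert", 2):
        return "fatal alert instead of renegotiation"
    return "no renegotiation seen"

if __name__ == "__main__":
    for name, trace in (("Ubuntu", UBUNTU), ("STLinux", STLINUX)):
        print(name, "->", classify(trace))
```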