cURL / Mailing Lists / curl-users / Single Mail

curl-users

There could be something wrong w/ "-k" option in version "libcurl/7.36.0 "

From: Lord Viper <el_viper_23_at_yahoo.com>
Date: Tue, 2 Dec 2014 08:18:41 +0000 (UTC)

Hi Guys,

Good Day!

I'm kinda new in this thread, and would want inputs before we decided to really upgrade to a higher-version of curl that has "-k" working fine.

Allow me to discribed what we have found in version "libcurl/7.36.0" and comparing it to a "libcurl/7.27.0" w/ regards to the "-k" option.

-k/--insecure
(SSL) This option explicitly allows curl to perform "insecure" SSL connections and
transfers. All SSL connections are attempted to be made secure by using the CA certificate
bundle installed by default. This makes all connections considered "insecure" fail
unless -k/--insecure is used.

Our Test Engr counterpart made the following observations when doing the same command in 2 machines w/ different curl versions

1.) Curl Version: libcurl/7.36.0 --> "-k" seems to be NOT WORKING on this VERSION

$ curl https://8.35.141.54/protected/EnableRemoteFcmSSH.cgi -k -u adminFoo:foouser -s -v
* Hostname was NOT found in DNS cache
* Trying 8.35.141.54...
* Connected to 8.35.141.54 (8.35.141.54) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES128-SHA
* Server certificate:
* subject: CN=RY104706753
* start date: 2014-10-17 11:02:25 GMT
* expire date: 2016-12-25 11:32:25 GMT
* SSL: certificate subject name 'RY104706753' does not match target host name '8.35.141.54'
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):

2.) Curl Version: libcurl/7.27.0 --> "-k" WAS WORKING on this VERSION

$ curl https://8.35.141.54/protected/EnableRemoteFcmSSH.cgi -k -u adminFoo:foouser -s -v
* About to connect() to 8.35.141.54 port 443 (#0)
* Trying 8.35.141.54...
* connected
* Connected to 8.35.141.54 (8.35.141.54) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
* subject: CN=RY104706753
* start date: 2014-10
* expire date: 2016-12
* common name: RY104706753 (does not match '8.35.141.54')
* issuer: C=PL; O
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* Server auth using Basic with user 'adminFoo'
GET /protected/EnableRemoteFcmSSH.cgi HTTP/1.1
Authorization: Basic TmVtdWFkbWluOm5lbXV1c2Vy
User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.27.0 OpenSSL/1.0.1e zlib/1.2.3 libssh2/1.4.2
Host: 8.35.141.54
Accept: */*

Thanks all for your help...

Best Regards,
Ryan R.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-12-02