curl-users

Re: problems with TLSv1 curl on Windows

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Thu, 15 Jan 2015 09:49:50 +0100

On Thursday 15 January 2015 08:11:32 Hilgersom, Danny wrote:
> On 01-14-15 Danny Hilgerson wrote;
>
> >These are the commands that we tried:
> >curl.exe" -v --ssl-reqd --cert <certfile>.crt:<pass> --key
> ><private_keyfile>.key --cacert ca-bundle.pem --user <users>:<pass>
> >ftp://<ftp_server_url>/
> >curl.exe" -v -TLSv1 --ssl-reqd --cert
> ><certfile>.crt:<pass> --key <private_keyfile>.key --cacert ca-bundle.pem
> >--user <users>:<pass> ftp://<ftp_server_url>/
> We just fought this type of issue recently, besides verifying that new certs
> have not been added by the vendor. Going from
> http://curl.haxx.se/docs/manpage.html
> You might try --tlsv1.0 instead of --ssl-reqd

Those options are not mutually exclusive. --ssl-reqd makes curl require
a secured transfer and --tlsv1.[0-2] selects the TLS version to be used
(in case it actually is used).

> Ok, I tried this now:
>
> curl.exe -v --tlsv1.0 --cert <certfile>.crt:<pass> --key
> <private_keyfile>.key --cacert ca-bundle.pem --user <users>:<pass>
> ftp://<ftp_server_url>/
>
> Gives us back this:
> < 220 Server ready for new user.
>
> > USER <user>
>
> < 503 Bad sequence of commands.
> * Access denied: 503
> * Closing connection 0
> curl: (67) Access denied: 503
>
> So, it really looks as if the tls option is just not working at all.

Unless an ftps:// URL is given, or SSL explicitly enabled, the --tlsv1.0
option has no effect.

Kamil

> Danny
>
> From: curl-users [mailto:curl-users-bounces_at_cool.haxx.se] On Behalf Of
> Hilgersom, Danny
> Sent: Wednesday, January 14, 2015 8:29 AM
> To: curl-users_at_cool.haxx.se
> Subject: problems with TLSv1 curl on Windows
>
> Hi,
>
> We have a connection setup to a vendor that will be using only TLSv1 from
> now on. Before we would connect to them using the SSLv3 option. Now, when I
> want to connect to them I get an error:
> * successfully set certificate verify locations:
> * CAfile: ca-bundle.pem
> CApath: none
> * TLSv1.0, TLS handshake, Client hello (1):
> * TLSv1.0, TLS handshake, Server hello (2):
> * TLSv1.0, TLS alert, Server hello (2):
> * error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext
> * Closing connection 0
> curl: (35) error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext
>
> We are using curl 7.40 and running W2K8 R2.
>
> We've tried multiple ways to connect with multiple options, but all this to
> no avail.
>
> These are the commands that we tried:
> curl.exe" -v --ssl-reqd --cert <certfile>.crt:<pass> --key
> <private_keyfile>.key --cacert ca-bundle.pem --user <users>:<pass>
> ftp://<ftp_server_url>/
> curl.exe" -v -TLSv1 --ssl-reqd --cert
> <certfile>.crt:<pass> --key <private_keyfile>.key --cacert ca-bundle.pem
> --user <users>:<pass> ftp://<ftp_server_url>/
>
> The old command we used and which worked just fine is:
> curl.exe" -v -SSLv3 --ssl-reqd --cert <certfile>.crt:<pass> --key
> <private_keyfile>.key --cacert ca-bundle.pem --user <users>:<pass>
> ftp://<ftp_server_url>/
>
> Any help would be more than welcome!
>
> Thanks
>
> hilgie
Received on 2015-01-15
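
An added example, not part of the original mail and not curl's own code: a shell check over a `curl -v` FTP trace that reports whether USER was sent before or after the server accepted AUTH TLS/SSL, which is the difference between giving only --tlsv1.0 on an ftp:// URL and explicitly enabling SSL as described in the reply. Both sample traces and the user name `demo` are constructed; the first mirrors the output quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Reads a `curl -v` FTP trace on stdin
# and reports how the login was sent:
#   protected - server answered 234 to AUTH TLS/SSL before USER was sent
#   cleartext - USER was sent without an accepted AUTH before it
#   no-login  - the trace contains no USER command
ftp_login_protection() {
    awk '
        /^> AUTH (TLS|SSL)/   { auth_sent = 1; next }
        /^< 234/ && auth_sent { secured = 1; next }
        /^> USER /            { print (secured ? "protected" : "cleartext")
                                seen = 1; exit }
        END                   { if (!seen) print "no-login" }
    '
}

# Constructed trace mirroring the one quoted above: ftp:// URL with --tlsv1.0
# only, so curl never asks for TLS and goes straight to USER.
trace_tls_flag_only() {
    printf '%s\n' \
        '< 220 Server ready for new user.' \
        '> USER demo' \
        '< 503 Bad sequence of commands.'
}

# Constructed trace for SSL explicitly enabled (e.g. --ssl-reqd): AUTH is
# accepted with 234 and the handshake happens before USER.
trace_ssl_required() {
    printf '%s\n' \
        '< 220 Server ready for new user.' \
        '> AUTH SSL' \
        '< 234 AUTH command ok.' \
        '* TLSv1.0, TLS handshake, Client hello (1):' \
        '> USER demo' \
        '< 331 Password required.'
}

echo "tlsv1.0 only: $(trace_tls_flag_only | ftp_login_protection)"
echo "ssl required: $(trace_ssl_required | ftp_login_protection)"
```

To check a real transfer, pipe the verbose output in with `curl -v ... 2>&1 | ftp_login_protection`, since curl writes the trace to stderr.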