curl-users

"alert unknown ca" using -k option

From: Oceanet - Cédric BASSAGET <cedric_at_oceanet.com>
Date: Fri, 10 Jul 2015 09:44:11 +0200

Hello,

I'm facing an issue where curl says:
curl: (56) SSL read: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca, errno 0

Looking in the man page, I found that option --insecure should fix the
problem, but it does not:

[root@sar-s1 cert]# sudo -u ftp_assur curl -i
https://xxx.fr/routmedassur/services/portailsso.wsdl -v --key
/etc/pki/tls/private/assur.com.key --cert
/home/sites/www.assur.com/web/cert/dev.assur.com.crt --insecure
* Trying 80.124.164.150...
* Connected to xxx.fr (80.124.x.x) port 443 (#0)
* Cipher selection:
ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
   CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.0 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Client hello (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS change cipher, Client hello (1):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / AES256-SHA
* Server certificate:
* subject: O=ARKEA; OU=ARKEA TEST ENVIRONMENT; CN=xxx
* start date: 2010-02-01 08:50:15 GMT
* expire date: 2020-01-30 08:50:15 GMT
* issuer: C=FR; ST=FR-29; L=city; O=Federal Service;
OU=Certification Authority; CN=Federal Service CA; emailAddress=mail_at_mail.fr
* SSL certificate verify result: unable to get local issuer
certificate (20), continuing anyway.
> GET /routmedassur/services/portailsso.wsdl HTTP/1.1
> Host: xxx.fr
> User-Agent: curl/7.43.0
> Accept: */*
>
* TLSv1.0 (IN), TLS handshake, Hello request (0):
* TLSv1.0 (OUT), TLS handshake, Client hello (1):
* TLSv1.0 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Request CERT (13):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Certificate (11):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS handshake, CERT verify (15):
* TLSv1.0 (OUT), TLS change cipher, Client hello (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS alert, Server hello (2):
* SSL read: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
unknown ca, errno 0
* Closing connection 0
curl: (56) SSL read: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca, errno 0

Isn't the -k option made for allowing unknown CAs?
As the company does not want to give me its CA, what can I do?

ftp_assur has correct permissions on key and cert files.

Regards,
Cédric
Received on 2015-07-10
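
Added example (not part of the original post, and not curl's own code): a Python check over the verbose trace above that reports which side raised the TLS alert. In the trace, "continuing anyway" shows -k already relaxed curl's check of the server certificate, while the alert arrives (IN) after curl sent its client Certificate, so it is the server refusing the client certificate's issuer. It assumes the `curl -v` line format shown in the post; `diagnose` is a hypothetical helper name and the sample lines are the post's second handshake with wrapped lines rejoined.

```python
import re

# Constructed sample: lines from the post's trace, wrapped lines rejoined.
TRACE = """\
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* TLSv1.0 (IN), TLS handshake, Hello request (0):
* TLSv1.0 (IN), TLS handshake, Request CERT (13):
* TLSv1.0 (OUT), TLS handshake, Certificate (11):
* TLSv1.0 (OUT), TLS handshake, CERT verify (15):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS alert, Server hello (2):
* SSL read: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca, errno 0
"""

# "* <version> (<IN|OUT>), TLS <record type>, <label> (<n>):"
REC = re.compile(
    r"^\* \S+ \((IN|OUT)\), TLS (handshake|alert|change cipher), (.*) \((\d+)\):")

def diagnose(trace):
    """Summarise who rejected whom in a `curl -v` TLS trace."""
    result = {"insecure_applied": False, "client_cert_requested": False,
              "client_cert_sent": False, "rejected_by": None}
    for line in trace.splitlines():
        if "continuing anyway" in line:
            # curl logged a server-cert verify failure and went on: -k worked.
            result["insecure_applied"] = True
        m = REC.match(line)
        if not m:
            continue
        direction, record, label, _ = m.groups()
        if record == "handshake" and label == "Request CERT" and direction == "IN":
            result["client_cert_requested"] = True
        elif record == "handshake" and label == "Certificate" and direction == "OUT":
            result["client_cert_sent"] = True
        elif record == "alert":
            # Only direction and record type are used; the label is ignored.
            # IN = alert sent by the server, OUT = alert sent by curl.
            result["rejected_by"] = "server" if direction == "IN" else "client"
    return result

if __name__ == "__main__":
    print(diagnose(TRACE))
```

A result of `rejected_by == "server"` together with `client_cert_sent` points at the client certificate chain (the file given to --cert) as the thing the server does not trust, which no client-side verification option changes.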