curl-users
Re: cURL and Iceweasel disagree about TLS certificate validity, despite same CA
Date: Sat, 28 May 2016 20:07:15 +0200
On Sat, May 28, 2016 at 05:36:00PM +0100, Sam Kuper wrote:
> in relation to the URL https://profile.mensa.org.uk/contact.aspx .

By the way, the server does not support TLS1.2 or TLS1.1. It understands
TLS1.0 only. That can be considered insecure by some implementations.

> Visiting https://profile.mensa.org.uk/contact.aspx using Iceweasel
> results in no errors or warnings.

Firefox uses the NSS cryptographic library.

> $ curl -V
> curl 7.38.0 (i586-pc-linux-gnu) libcurl/7.38.0 OpenSSL/1.0.1k
> zlib/1.2.8 libidn/1.29 libssh2/1.4.3 librtmp/2.3
>

Your curl uses OpenSSL.

NSS and OpenSSL have different algorithms for traversing certificates in the
chain of trust. If I remember correctly, OpenSSL is not able to find some
longer chain paths. This is especially true if a server does not send all
certificates of the trust chain.

Try to connect with the openssl tool (openssl s_client -connect
profile.mensa.org.uk:https). It should display a similar error to your curl.

-- Petr
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-users
FAQ: https://curl.haxx.se/docs/faq.html
Etiquette: https://curl.haxx.se/mail/etiquette.html
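
The reply above suggests running openssl s_client to see why an OpenSSL-based client rejects the chain. The script below is an added example, not part of the original message or of curl or OpenSSL: it summarises s_client output to show how many certificates the server sent, which issuer the client must supply itself, and which protocol was negotiated. The function names and the sample output are constructed for illustration, and the sample assumes the OpenSSL 1.0.x output layout.

```sh
# Added example: summarise `openssl s_client` output read from stdin.
chain_report() {
    awk '
    /^Certificate chain/ { in_chain = 1; next }
    in_chain && /^---/   { in_chain = 0 }
    in_chain && /^ *[0-9]+ s:/ {          # subject of the next certificate sent
        s = $0; sub(/^ *[0-9]+ s:/, "", s)
        if (n > 0 && s != issuer) gaps++   # previous issuer must be this subject
        subject = s; n++; next
    }
    in_chain && /^ *i:/ { issuer = $0; sub(/^ *i:/, "", issuer); next }
    /^ *Protocol *:/         { proto = $0; sub(/^ *Protocol *: */, "", proto) }
    /^ *Verify return code:/ { rc = $0; sub(/^ *Verify return code: */, "", rc) }
    END {
        print "sent=" (n + 0)
        print "broken_links=" (gaps + 0)
        # Unless the last certificate is self-signed, the client has to find
        # this issuer on its own (local CA bundle); the server did not send it.
        print "top_issuer=" issuer
        print "top_self_signed=" ((n > 0 && subject == issuer) ? "yes" : "no")
        print "protocol=" proto
        print "verify=" rc
    }'
}

# Constructed sample (not captured from any real server): one leaf certificate,
# no intermediate, TLS 1.0 session.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=GB/O=Example Org/CN=www.example.test
   i:/C=US/O=Example CA/CN=Example Intermediate CA
---
Server certificate
subject=/C=GB/O=Example Org/CN=www.example.test
issuer=/C=US/O=Example CA/CN=Example Intermediate CA
---
SSL-Session:
    Protocol  : TLSv1
    Verify return code: 21 (unable to verify the first certificate)
---
EOF
}

sample_output | chain_report
# Live use: openssl s_client -connect HOST:443 </dev/null 2>/dev/null | chain_report
```

When `sent=1` and `top_self_signed=no`, verification succeeds only if the client already holds the named issuer, which is where clients with different certificate stores or path-building logic can disagree.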