curl / Mailing Lists / curl-users / Single Mail

curl-users

Re: A error log when used the curl command tool in embedded linux device

From: 杨俊 <yangjun9772_at_gmail.com>
Date: Wed, 14 Dec 2016 10:59:12 +0800

Hi Ray & Daniel & curler,

I'm so sorry to bring the trouble to you.
And I'm so sorry to send the stupid email. :-(
I have down the new cacert.pem, but it still didn't work.
I did the follow test:
1. checked the file's sha256 in my device and download the new file.
they were the same value.
----------log --------------------
/etc/ssl/certs # sha256sum cacert.pem
cc7c9e2d259e20b72634371b146faec98df150d18dd9da9ad6ef0b2deac2a9d3 cacert.pem
/tmp # ./curl --insecure -fOL https://curl.haxx.se/ca/cacert-2016-11-02.pem
/tmp # sha256sum cacert-2016-11-02.pem
cc7c9e2d259e20b72634371b146faec98df150d18dd9da9ad6ef0b2deac2a9d3
 cacert-2016-11-02.pem
------------------------------------

2. test it in my device, and it was NG.
-----log -----------------
/tmp # ./curl -v --cacert cacert-2016-11-02.pem https://curl.haxx.se
* Rebuilt URL to: https://curl.haxx.se/
* Trying 80.67.6.50...
* TCP_NODELAY set
* Connected to curl.haxx.se (80.67.6.50) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection:
ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: cacert-2016-11-02.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Curl_http_done: called premature == 1
* stopped the pause stream!
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
---------------------------------------
my version
------------log-------------
/tmp # ./curl -V
curl 7.51.0 (arm-hisiv400-linux-gnueabi) libcurl/7.51.0 OpenSSL/1.1.0c
nghttp2/1.17.0
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp
smb smbs smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL TLS-SRP HTTP2 UnixSockets
/tmp #

3. In my PC, I tested the commad of openssl. The result is OK.

4. But in my device, the result is NG.

​/tmp # ./openssl s_client -connect curl.haxx.se:443 -CApath
/tmp/cacert-2016-11-
02.pem
CONNECTED(00000003)
depth=0 CN = anja.haxx.se
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = anja.haxx.se
verify error:num=21:unable to verify the first certificate
verify return:1

---
Certificate chain
 0 s:/CN=anja.haxx.se
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Sorry for my stupid actions again. >"<
Is this email etiquette?
Thanks for your help again.

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-users
FAQ: https://curl.haxx.se/docs/faq.html
Etiquette: https://curl.haxx.se/mail/etiquette.html

1481683885_1_.png
Received on 2016-12-14