curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: curl with tlsv1.2

From: Jan Stary via curl-users <curl-users_at_cool.haxx.se>
Date: Tue, 9 Jul 2019 12:46:51 +0200

Read the error messages:

On Jul 09 08:20:27, curl-users_at_cool.haxx.se wrote:
> Hi All,
>
> I am trying to access URL with https , which is enabled with TLSv1.2 .
>
> I see that the request using curl and it's getting declined from the server
> end.
>
> Below is the curl command and the response i get.
>
> =======================================================
> [root_at_localhost download]# cat
> /opt/abc/download/nexus-1000v.5.2.1.ABCD2.2.2.disk1.vmdk |
> /home/admin/curl-7.36/bin/curl --tlsv1.2 -T - --fail -v --insecure
> --request POST --header "Connection: Keep-Alive" --header "Content-Type:
> application/x-vnd.vmware-streamVmdk"
> https://10.126.129.101/nfc/522532fc-0ff3-caac-49c9-082aee06a407/disk-0.vmdk
> * Hostname was NOT found in DNS cache
> * Trying 10.126.129.101...
> * Connected to 10.126.129.101 (10.126.129.101) port 443 (#0)
> * successfully set certificate verify locations:
> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
> CApath: none
> * SSLv3, TLS Unknown, Unknown (22):
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Server key exchange (12):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv2, Unknown (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv2, Unknown (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Finished (20):
> * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
> * Server certificate:
> * subject: C=US; ST=California; L=Palo Alto; O=VMware; OU=VMware
> Engineering; CN=10.126.129.101; emailAddress=vmca_at_vmware.com
> * start date: 2019-06-11 07:43:54 GMT
> * expire date: 2024-06-10 07:43:54 GMT
> * issuer: CN=CA; DC=vsphere; DC=local; C=US; ST=California;
> O=localhost.localdom; OU=VMware
> * SSL certificate verify result: self signed certificate in
> certificate chain (19), continuing anyway.
                          ^^^^^^^^^^^^^^^^^^^

> * SSLv2, Unknown (23):
> > POST /nfc/522532fc-0ff3-caac-49c9-082aee06a407/disk-0.vmdk HTTP/1.1
> > User-Agent: curl/7.36.0
> > Host: 10.126.129.101
> > Accept: */*
> > Transfer-Encoding: chunked
> > Connection: Keep-Alive
> > Content-Type: application/x-vnd.vmware-streamVmdk
> > Expect: 100-continue
> >
> * SSLv2, Unknown (23):
> * The requested URL returned error: 404 Not Found
                                      ^^^^^^^^^^^^^^^

> * Closing connection 0
> * SSLv2, Unknown (21):
> * SSLv3, TLS alert, Client hello (1):
> curl: (22) The requested URL returned error: 404 Not Found
> [root_at_localhost download]#
> =======================================================
> Queries her are like
>
> 1. How to know on which stage it's getting declined?.
> 2. Is this because of any certificate error?.
>
> if i run openssl -client i get to know below details.
>
> =============================================================
> [root_at_localhost ~]# openssl s_client -connect 10.126.129.101:443
> CONNECTED(00000004)
> depth=1
> /CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=localhost.localdom/OU=VMware
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ---
> Certificate chain
> 0 s:/C=US/ST=California/L=Palo Alto/O=VMware/OU=VMware Engineering/CN=
> 10.126.129.101/emailAddress=vmca_at_vmware.com
>
> i:/CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=localhost.localdom/OU=VMware
> 1
> s:/CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=localhost.localdom/OU=VMware
>
> i:/CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=localhost.localdom/OU=VMware
> ---
> Server certificate
> -----BEGIN CERTIFICATE-----
> MIID4zCCAsugAwIBAgIJAOw3sQQ9l5DyMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYD
> VQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZ
> FgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExGzAZBgNV
> BAoMEmxvY2FsaG9zdC5sb2NhbGRvbTEPMA0GA1UECwwGVk13YXJlMB4XDTE5MDYx
> MTA3NDM1NFoXDTI0MDYxMDA3NDM1NFowgZ0xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
> DApDYWxpZm9ybmlhMRIwEAYDVQQHDAlQYWxvIEFsdG8xDzANBgNVBAoMBlZNd2Fy
> ZTEbMBkGA1UECwwSVk13YXJlIEVuZ2luZWVyaW5nMRcwFQYDVQQDDA4xMC4xMjYu
> MTI5LjEwMTEeMBwGCSqGSIb3DQEJARYPdm1jYUB2bXdhcmUuY29tMIIBIjANBgkq
> hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/TrYvsqg2xFDYud6oJauZ1NkQYLGqCP
> iF3bq6Au+mecJ80vqSDg3loXlqd//Q7ItI+Huh1BJd7Cc0bGqCqAx3RDO4ChAlim
> VSzxYhOH1TyxOr41tcxw4/kamUvJ0P8CVGS8blt4rnIoQEzJiteYshgI9f1Chouj
> S+TPspUiC7MuKjTQaciNSZY0rdGTP7K1KukEDAeaGd0RklQsaXJzujWX1rnu6Zxp
> SW7t9X6xcAwOI0Fl2Ig+lFG+AAFjx13eJKjpBcByCVrGnpQWd6ppB7P/nv+mzIlf
> TxzMBGEEmt+3A/G3zOyoTG55gIbM7lF58fSo4gSJMTv7cJFhG6AUdQIDAQABozQw
> MjAPBgNVHREECDAGhwQKfoFlMB8GA1UdIwQYMBaAFNc1DpSJQux0e9fTAkpr2i+0
> nhuNMA0GCSqGSIb3DQEBCwUAA4IBAQBfQajg1xTU1bXNIq2Kp8MLG7wv/bfxKj0K
> vE6Pze+TYc9N7k35LpAu1hG17/wIUGqXN4rjua3W4kVK+oqAtuyMcnMHIfvJ23zi
> uF+rl0/FFsAQs6NhUmzom6l/qWZ6R6FRA5UyEm8k7rJ8zt6lhn2zBDPeoX1LQvNI
> LolFXD3dy50v8nvg3TNgHU5m38XtwtUl8TKZDo02JFZCo7bWNyX8yAuCagrpCutt
> T2Ir9WROMxo63kNN1YqUxP3HyXf/YgBVh4teMeojQprU7ELEnmX6wxsbXmrdYnCH
> 1buQbXgVh6zH2pj3IAXq8FzZYpcu1mT31da7Mzyw/nbIJziPh+Ie
> -----END CERTIFICATE-----
> subject=/C=US/ST=California/L=Palo Alto/O=VMware/OU=VMware Engineering/CN=
> 10.126.129.101/emailAddress=vmca_at_vmware.com
> issuer=/CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=localhost.localdom/OU=VMware
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 2172 bytes and written 447 bytes
> ---
> New, TLSv1/SSLv3, Cipher is AES256-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
> Protocol : TLSv1
> Cipher : AES256-SHA
> Session-ID:
> Session-ID-ctx:
> Master-Key:
> 536C3E5057F79501473E1AC6BF291417FCE24D43829181B4F1D909DB677E35B78C3B814272E7316CDEBCA199F4430302
> Key-Arg : None
> Krb5 Principal: None
> Start Time: 1562606628
> Timeout : 300 (sec)
> Verify return code: 19 (self signed certificate in certificate chain)
> ---
> =============================================================
>
> can we use any of the above info to narrow down the issue ?.
>
> Thanks
> RK

> -----------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
> Etiquette: https://curl.haxx.se/mail/etiquette.html

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-07-09