Re: curl with tlsv1.2
Date: Tue, 9 Jul 2019 12:46:51 +0200
Read the error messages:
On Jul 09 08:20:27, curl-users_at_cool.haxx.se wrote:
> Hi All,
>
> I am trying to access a URL over https, which is enabled with TLSv1.2.
>
> I see that the request using curl is getting declined from the server
> end.
>
> Below is the curl command and the response I get.
>
> =======================================================
> [root_at_localhost download]# cat
> /opt/abc/download/nexus-1000v.5.2.1.ABCD2.2.2.disk1.vmdk |
> /home/admin/curl-7.36/bin/curl --tlsv1.2 -T - --fail -v --insecure
> --request POST --header "Connection: Keep-Alive" --header "Content-Type:
> application/x-vnd.vmware-streamVmdk"
> https://10.126.129.101/nfc/522532fc-0ff3-caac-49c9-082aee06a407/disk-0.vmdk
> * Hostname was NOT found in DNS cache
> * Trying 10.126.129.101...
> * Connected to 10.126.129.101 (10.126.129.101) port 443 (#0)
> * successfully set certificate verify locations:
> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
> CApath: none
> * SSLv3, TLS Unknown, Unknown (22):
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Server key exchange (12):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv2, Unknown (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv2, Unknown (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Finished (20):
> * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
> * Server certificate:
> * subject: C=US; ST=California; L=Palo Alto; O=VMware; OU=VMware
> Engineering; CN=10.126.129.101; emailAddress=vmca_at_vmware.com
> * start date: 2019-06-11 07:43:54 GMT
> * expire date: 2024-06-10 07:43:54 GMT
> * issuer: CN=CA; DC=vsphere; DC=local; C=US; ST=California;
> O=localhost.localdom; OU=VMware
> * SSL certificate verify result: self signed certificate in
> certificate chain (19), continuing anyway.
^^^^^^^^^^^^^^^^^^^
> * SSLv2, Unknown (23):
> > POST /nfc/522532fc-0ff3-caac-49c9-082aee06a407/disk-0.vmdk HTTP/1.1
> > User-Agent: curl/7.36.0
> > Host: 10.126.129.101
> > Accept: */*
> > Transfer-Encoding: chunked
> > Connection: Keep-Alive
> > Content-Type: application/x-vnd.vmware-streamVmdk
> > Expect: 100-continue
> >
> * SSLv2, Unknown (23):
> * The requested URL returned error: 404 Not Found
^^^^^^^^^^^^^^^
> * Closing connection 0
> * SSLv2, Unknown (21):
> * SSLv3, TLS alert, Client hello (1):
> curl: (22) The requested URL returned error: 404 Not Found
> [root_at_localhost download]#
> =======================================================
> Queries here are like
>
> 1. How to know on which stage it's getting declined?
> 2. Is this because of any certificate error?
>
> If I run openssl -client, I get to know the details below.
>
> =============================================================
> [root_at_localhost ~]# openssl s_client -connect 10.126.129.101:443
> CONNECTED(00000004)
> depth=1
> /CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=localhost.localdom/OU=VMware
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ---
> Certificate chain
> 0 s:/C=US/ST=California/L=Palo Alto/O=VMware/OU=VMware Engineering/CN=
> 10.126.129.101/emailAddress=vmca_at_vmware.com
>
> i:/CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=localhost.localdom/OU=VMware
> 1
> s:/CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=localhost.localdom/OU=VMware
>
> i:/CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=localhost.localdom/OU=VMware
> ---
> Server certificate
> subject=/C=US/ST=California/L=Palo Alto/O=VMware/OU=VMware Engineering/CN=
> 10.126.129.101/emailAddress=vmca_at_vmware.com
> issuer=/CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=localhost.localdom/OU=VMware
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 2172 bytes and written 447 bytes
> ---
> New, TLSv1/SSLv3, Cipher is AES256-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
> Protocol : TLSv1
> Cipher : AES256-SHA
> Session-ID:
> Session-ID-ctx:
> Master-Key:
> 536C3E5057F79501473E1AC6BF291417FCE24D43829181B4F1D909DB677E35B78C3B814272E7316CDEBCA199F4430302
> Key-Arg : None
> Krb5 Principal: None
> Start Time: 1562606628
> Timeout : 300 (sec)
> Verify return code: 19 (self signed certificate in certificate chain)
> ---
> =============================================================
>
> Can we use any of the above info to narrow down the issue?
>
> Thanks
> RK
> -----------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
> Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-07-09
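
Added example, not part of the original thread and not curl project code: a small Python classifier that reads `curl -v` output in the format quoted above and reports which stage declined the transfer. The function name `diagnose`, the stage labels, and the second sample (with placeholder address 192.0.2.10) are assumptions made for illustration; both samples are constructed.

```python
import re

# Marker lines of `curl -v` output, in the format of the curl 7.36 trace above.
CONNECTED = re.compile(r"^\* Connected to \S+")
TLS_DONE = re.compile(r"^\* SSL connection using (\S+) / (\S+)")
VERIFY_SKIPPED = re.compile(
    r"^\* SSL certificate verify result: (.+) \((\d+)\), continuing anyway")
HTTP_ERROR = re.compile(r"^\* The requested URL returned error: (\d{3})")
EXIT_CODE = re.compile(r"^curl: \((\d+)\)")
# curl exit codes mapped to the stage that failed.
EXIT_STAGE = {7: "tcp_connect", 35: "tls_handshake",
              60: "tls_certificate_verification", 22: "http_response"}

# Constructed sample: key lines of the quoted trace, unwrapped (run with --insecure).
SAMPLE_INSECURE = """\
* Connected to 10.126.129.101 (10.126.129.101) port 443 (#0)
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> POST /nfc/522532fc-0ff3-caac-49c9-082aee06a407/disk-0.vmdk HTTP/1.1
* The requested URL returned error: 404 Not Found
curl: (22) The requested URL returned error: 404 Not Found
"""
# Constructed sample: same kind of server reached without --insecure.
SAMPLE_STRICT = """\
* Connected to 192.0.2.10 (192.0.2.10) port 443 (#0)
* SSL certificate problem: self signed certificate in certificate chain
curl: (60) SSL certificate problem: self signed certificate in certificate chain
"""


def diagnose(trace):
    """Report what a curl -v trace proves about each stage of the transfer."""
    report = {"tcp_connected": False, "tls": None, "verify_ignored": None,
              "http_status": None, "exit_code": None}
    for line in map(str.strip, trace.splitlines()):
        if CONNECTED.match(line):
            report["tcp_connected"] = True
        elif m := TLS_DONE.match(line):
            report["tls"] = {"protocol": m.group(1), "cipher": m.group(2)}
        elif m := VERIFY_SKIPPED.match(line):  # chain failed, --insecure went on
            report["verify_ignored"] = {"reason": m.group(1), "code": int(m.group(2))}
        elif m := HTTP_ERROR.match(line):
            report["http_status"] = int(m.group(1))
        elif m := EXIT_CODE.match(line):
            report["exit_code"] = int(m.group(1))
    # An HTTP status means TCP and TLS both completed; otherwise use the exit code.
    report["declined_at"] = ("http_response" if report["http_status"] is not None
                             else EXIT_STAGE.get(report["exit_code"]))
    return report
```

Calling `diagnose(SAMPLE_INSECURE)` shows the TLSv1.2 handshake completed and the verify failure (19) was skipped, so the 404 is the server's HTTP answer; `diagnose(SAMPLE_STRICT)` shows the same certificate problem stopping the transfer when verification is enforced.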