curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Unable to parse ECDSA and ed25519 keys

From: Santino KEUPP via curl-users <>
Date: Fri, 6 Dec 2019 09:47:38 +0000

Hi all,

we updated libcurl from version 7.55.0 to 7.65.1 (and libssh2 from 1.7.0 to
1.8.1) on an embedded Linux device where we use sftp.
To authenticate the server, we set the option CURLOPT_SSH_KNOWNHOSTS. In the
past, everything worked fine, but now we get the curl error msg 60.

We can also reproduce this behavior on a host PC by just using the curl command line tool on localhost:

$ curl "sftp://localhost:22/" -v -u "user:pw"
*   Trying ::1:22...
* Connected to localhost (::1) port 22 (#0)
* SSH MD5 fingerprint: 7578d40cd7adf746bb1bccf87ef456e0
* SSH host check: 2, key: <none>
* Closing connection 0
curl: (60) SSL peer certificate or SSH remote key was not OK
More details here:
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
It looks like curl (or libssh2) is unable to parse the ECDSA and ed25519 keys provided by the server.
If we remove those public keys from /etc/ssh/ on the server to force the usage of RSA keys, it works (then we also had to replace the public keys in ~/.ssh/known_hosts).
The keys are fine, since they work with the command line tools 'ssh' and 'sftp'.
Is this a bug or do we miss something?
$ uname -a
Linux localhost 5.3.13-gentoo #1 SMP PREEMPT Fri Nov 29 09:35:02 CET 2019 x86_64 Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz GenuineIntel GNU/Linux
$ curl --version
curl 7.66.0 (x86_64-pc-linux-gnu) libcurl/7.66.0 OpenSSL/1.1.1d zlib/1.2.11 libssh2/1.9.0_DEV
Release-Date: 2019-09-11
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: HTTPS-proxy IPv6 Largefile libz NTLM SSL TLS-SRP UnixSockets
Kind regards,
Santino Keupp
Die uebermittelten Informationen sind ausschliesslich fuer den oben genannten Adressaten bestimmt. Jede Verwendung, Veroeffentlichung, Vervielfaeltigung ist untersagt. Falls diese Mitteilung bei Ihnen irrtuemlich eingegangen ist, geben Sie uns bitte sofort Bescheid.
The information contained in these documents is intended for the exclusive use of the addressee designated above. Each disclosure, reproduction, distribution is strictly prohibited. If you have received this transmission in error please contact us immediately.
Diehl Metering GmbH
Donaustrasse 120
90451 Nuernberg
Sitz der Gesellschaft: Ansbach, Registergericht: Ansbach HRB 69
Geschäftsführer: Dr. Christof Bosbach (Sprecher), Thomas Gastner, Jean-François Marguet
Informationen zum Datenschutz finden Sie auf unserer Homepage.
Information about data protection can be found on our homepage.

Received on 2019-12-06