Re: SEC_ERROR_BAD_SIGNATURE
From: Daniel Stenberg via curl-users <curl-users_at_cool.haxx.se>
Date: Wed, 24 Mar 2021 08:07:30 +0100 (CET)
On Wed, 24 Mar 2021, Vikram Darsi via curl-users wrote:
> * NSS error -8182 (SEC_ERROR_BAD_SIGNATURE)
>
> curl --verbose -vvv -i --resolve advaoptical.com:9443:10.1.23.39 --cacert
> ca.cer --cert ./client.cer --key client.key -H "Accept: multipart/mixed" -H
> "Content-Type: application/json" -X POST -d '{"auth-token":"CA151"
> ,"sw-version":"20.1.1"}' https://advaoptical.com:9443/authserver/authorize
1. "-vvv" doesn't add more verbose, it's a boolean. -v is enough
2. "-X POST" is not helping when you use -d
> I have written a sample java program, to verify whether the server
> certificate is signed by this public-key, this test is passed. python
> requests library also confirms that the certificate is valid
I bet neither of those use NSS ?
> curl version used : curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0
> NSS/3.53.1 zlib/1.2.7 libidn/1.28 libssh2/1.8.0
An eight year old curl with a less than one year old NSS?
This is probably rather an NSS issue and not a curl one. You can verify that
easily by for example trying a curl built with OpenSSL instead and see how
that runs.
I suspect your issue is with NSS and using PEM files. As this very old RedHat
bug hints at least, it only supports RSA [1] and maybe you're not using that?
[1] = https://bugzilla.redhat.com/show_bug.cgi?id=748401
--
 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://www.wolfssl.com/contact/
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2021-03-24
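
The two checks raised in the reply above (which TLS library this curl build uses, and whether the client certificate key is RSA) can be scripted as below. This is an added example, not part of the original message; the function names and the result labels `nss-rsa`, `nss-non-rsa` and `not-nss` are made up here, and it assumes the `openssl` command is installed and the certificate file is PEM-encoded.

```shell
#!/bin/sh
# Added example, not from the original message.

# tls_backend LINE: print the TLS library token from the first line of
# `curl --version` output, e.g. "NSS/3.53.1". Returns 1 if none is found.
tls_backend() {
    for tok in $1; do
        case "$tok" in
            NSS/*|OpenSSL/*|GnuTLS/*|LibreSSL/*|wolfSSL/*|mbedTLS/*)
                printf '%s\n' "$tok"
                return 0 ;;
        esac
    done
    return 1
}

# cert_key_algo FILE: print the public-key algorithm of a PEM certificate
# as openssl names it (rsaEncryption, id-ecPublicKey, ...).
cert_key_algo() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# triage LINE FILE: classify the combination the reply is asking about.
# "nss-non-rsa" is the case the reply suspects; the labels are hypothetical.
triage() {
    backend=$(tls_backend "$1") || backend=unknown
    algo=$(cert_key_algo "$2")
    case "$backend:$algo" in
        NSS/*:rsaEncryption) echo "nss-rsa: $backend $algo" ;;
        NSS/*:*)             echo "nss-non-rsa: $backend $algo" ;;
        *)                   echo "not-nss: $backend $algo" ;;
    esac
}

# Typical use against the files named in the question:
#   triage "$(curl --version | head -n 1)" ./client.cer
```
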