RE: SEC_ERROR_BAD_SIGNATURE
From: Vikram Darsi via curl-users <curl-users_at_cool.haxx.se>
Date: Thu, 25 Mar 2021 05:55:58 +0000
Hi
Thanks for your inputs Daniel Stenberg
Now I have made curl to have openssl as its TLS backend, it started working.
Thanks
Vikram
-----Original Message-----
From: Daniel Stenberg <daniel_at_haxx.se>
Sent: Wednesday, March 24, 2021 12:38 PM
To: Vikram Darsi via curl-users <curl-users_at_cool.haxx.se>
Cc: Vikram Darsi <VDarsi_at_adva.com>
Subject: Re: SEC_ERROR_BAD_SIGNATURE
On Wed, 24 Mar 2021, Vikram Darsi via curl-users wrote:
> * NSS error -8182 (SEC_ERROR_BAD_SIGNATURE)
>
> curl --verbose -vvv -i --resolve advaoptical.com:9443:10.1.23.39
> --cacert ca.cer --cert ./client.cer --key client.key -H "Accept:
> multipart/mixed" -H
> "Content-Type: application/json" -X POST -d '{"auth-token":"CA151"
> ,"sw-version":"20.1.1"}'
> https://advaoptical.com:9443/authserver/authorize
1. "-vvv" doesn't add more verbose, it's a boolean. -v is enough
2. "-X POST" is not helping when you use -d
> I have written a sample java program, to verify whether the server
> certificate is signed by this public-key, this test is passed. python
> requests library also confirms that the certificate is valid
I bet neither of those use NSS ?
> curl version used : curl 7.29.0 (x86_64-redhat-linux-gnu)
> libcurl/7.29.0
> NSS/3.53.1 zlib/1.2.7 libidn/1.28 libssh2/1.8.0
An eight year old curl with a less than one year old NSS?
This is probably rather an NSS issue and not a curl one. You can verify that easily by for example trying a curl built with OpenSSL instead and see how that runs.
I suspect your issue is with NSS and using PEM files. As this very old RedHat bug hints at least, it only supports RSA [1] and maybe you're not using that?
[1] = https://bugzilla.redhat.com/show_bug.cgi?id=748401
--
 / daniel.haxx.se
Received on 2021-03-25
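The two checks the reply above asks for (which TLS library curl is built against, and whether the client key is RSA), as an added shell example that is not part of the original thread. The function names are illustrative, and it assumes `base64` and `od` are installed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of curl or NSS.

# Print the TLS library named on the first line of `curl --version` output.
# $1: version text (optional; defaults to asking the installed curl).
curl_tls_backend() {
  ver=${1:-$(curl --version 2>/dev/null)}
  printf '%s\n' "$ver" | head -n 1 | tr ' ' '\n' |
    sed -n -E 's#^(NSS|OpenSSL|LibreSSL|GnuTLS|wolfSSL|mbedTLS)/.*#\1#p' |
    head -n 1
}

# Print rsa, ec, encrypted or unknown for the PEM private key file in $1.
pem_key_type() {
  if grep -q -e '-----BEGIN RSA PRIVATE KEY-----' "$1"; then echo rsa
  elif grep -q -e '-----BEGIN EC PRIVATE KEY-----' "$1"; then echo ec
  elif grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
    echo encrypted   # algorithm is hidden until the key is decrypted
  elif grep -q -e '-----BEGIN PRIVATE KEY-----' "$1"; then
    # PKCS#8: the algorithm is an OID inside the DER body.
    # Dump it as space-separated hex bytes so the match is byte-aligned.
    hex=$(grep -v -e '^-----' "$1" | base64 -d 2>/dev/null |
          od -An -v -tx1 | tr -s ' \n' ' ')
    case $hex in
      *' 2a 86 48 86 f7 0d 01 01 01 '*) echo rsa ;;  # rsaEncryption
      *' 2a 86 48 ce 3d 02 01 '*)       echo ec ;;   # id-ecPublicKey
      *) echo unknown ;;
    esac
  else
    echo unknown
  fi
}

# Exit 0 when the combination suspected in the reply is present:
# an NSS-backed curl with a PEM key that is not confirmed to be RSA.
# $1: key file, $2: curl version text (optional).
check_nss_pem_key() {
  backend=$(curl_tls_backend "$2")
  ktype=$(pem_key_type "$1")
  echo "backend=${backend:-unknown} key=$ktype"
  [ "$backend" = NSS ] && [ "$ktype" != rsa ]
}
```

Run `check_nss_pem_key client.key` with no second argument to test the installed curl; exit status 0 means the suspected combination is present.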