cURL / Mailing Lists / curl-library / Single Mail

curl-library

decryption error - perl program works in cygwin but not in Linux.

From: ClŠudio Sampaio <patola_at_gmail.com>
Date: Mon, 28 Dec 2009 18:55:50 -0200

Hi all,

I have some serious problem - I have developed a perl program with libcurl
that logs in to a site that seem to use a nonconventional certificate
authority. When I try to connect to it from Linux (Ubuntu
9.10, libcurl3-7.19.5-1ubuntu2,
libcurl3-gnutls-7.19.5-1ubuntu2, libwww-curl-perl-4.07-1,
libssl0.9.8-0.9.8g-16ubuntu3):

*** LOGIN: We'll log in to Maximo.
*** URL: https://xxxxxxx.xxx.xxx.com/sdm/j_security_check
*** POST:
j_username=myusername&j_password=mypassword&login=true&langcode=EN&login_hidden.x=0&login_hidden.y=0
**** ONLY_POST: url=https://xxxxxxx.xxx.xxx.com/sdm/j_security_check,
post=j_username=myusername&j_password=mypassword&login=true&langcode=EN&login_hidden.x=0&login_hidden.y=0
* About to connect() to xxxxxxx.xxx.xxx.com port 443 (#0)
* Trying 200.200.200.200... * connected
* Connected to xxxxxxx.xxx.xxx.com (200.200.200.200) port 443 (#0)
* found 145 certificates in /etc/ssl/certs/ca-certificates.crt
* gnutls_handshake() failed: Decryption has failed.
* Closing connection #0
*** ERROR When try to use url:
https://xxxxxxx.xxx.xxx.com/sdm/j_security_check, post
j_username=myusername&j_password=mypassword&login=true&langcode=EN&login_hidden.x=0&login_hidden.y=0
-- Resource temporarily unavailable, 35

----------------------------
In Windows (curl 7.16.3-1, libcurl4 7.16.3-1, openssl 0.9.8I-1):
*** LOGIN: We'll log in to XXXXXX.
*** URL: https://xxxxxxx.xxx.xxx.com/sdm/j_security_check
*** POST:
j_username=myusername&j_password=mypassword&login=true&langcode=EN&login_hidden.x=0&login_hidden.y=0
**** ONLY_POST: url=https://xxxxxxx.xxx.xxx.com/sdm/j_security_check,
post=j_username=myusername&j_password=mypassword&login=true&langcode=EN&login_hidden.x=0&login_hidden.y=0
* About to connect() to xxxxxxx.xxx.xxx.com port 443 (#0)
* Trying 200.200.200.200... * connected
* Connected to xxxxxxx.xxx.xxx.com (200.200.200.200) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /usr/share/curl/curl-ca-bundle.crt
  CApath: none
* SSL connection using AES256-SHA
* Server certificate:
* subject: /C=US/ST=New York/L=Poughkeepsie/O=IBM/CN=
xxxxxxx.xxx.xxx.com
* start date: 2009-10-04 17:17:20 GMT
* expire date: 2012-10-05 22:53:18 GMT
* issuer: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
* SSL certificate verify ok.
> POST /sdm/j_security_check HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 6.01; Windows NT 5.0)
Host: xxxxxxx.xxx.xxx.com
Accept: */*
Content-Length: 107
Content-Type: application/x-www-form-urlencoded

< HTTP/1.1 302 Found
< Date: Mon, 28 Dec 2009 20:31:41 GMT
< Server: IBM_HTTP_Server/6.0.2.33 Apache/2.0.47 (Unix)
< Location: https://xxxxxxx.xxx.xxx.com/sdm/
* Added cookie
LtpaToken2="BlQLp/H8nOCY7FO5iTNSGbxOBPxjPmujbL8QCIWUwJYZ2sQHfvEPXo2lpmbMgkxBegjwJtSsAHjG7gmqmKePPlaZbTNOvRwXWzY1KXCoiSzA6VBr28xEG9zlHHhEo+/U0ZzsVEe6TTjhvviFl0g2+mTZs0ztuibfjZS/KUfs3FkS/52XgZypU1RbjGfNDfkDv
A1QOJ9dFyphGywBsmwlU1cR8gERDg2HCAJuXL0PO6FMPz+vte2BPJI7g8nk43bKpeqCIJccZWE58lZOjcI6nRqB30XXTbX1z55ww4M8Jjk310eInUTPqyn/jUD2WzBuSYc9zEu3iH+uVdF9pnUjUUUt9oUBLMlg2rMECaScJrAhc3y6Wleqn/mZt5LM9mGdRyUFL6xdCDGRdWpXX7Kwu7PXSZut5
siKmLkm5COuoY9HqqRM8WGLJdWdXVw4xWb1L0+0/N7e+Zgv8cdJzT57sQGFl59CjgoYCejtCjFpB9qB3/mbf8PvE2njiE6rjTcjSTN5veKhFVLwcNvR+0vcR6datUkcb2zvOCtg3q9/wbIIkKkL3+NIMn1xZgEDTkv4L8EIH0afv4uZlRuKupucLh6WhBz2ALqmVA+j7IifQMNnC580jgTkfXkEa
ND06fXZ4hi40cWOxGLHYLHy+n2UUTECRqwqHErxlkh+WymbRlemBHb58ezQvu6W3bRdut+RmN5LudHH1E9RUpaHP/uK/e+d0we+Xhl86ocwhRuJSF4="
for domain xxxxxxx.xxx.xxx.com, path /, expire 0
< Set-Cookie:
LtpaToken2=BlQLp/H8nOCY7FO5iTNSGbxOBPxjPmujbL8QCIWUwJYZ2sQHfvEPXo2lpmbMgkxBegjwJtSsAHjG7gmqmKePPlaZbTNOvRwXWzY1KXCoiSzA6VBr28xEG9zlHHhEo+/U0ZzsVEe6TTjhvviFl0g2+mTZs0ztuibfjZS/KUfs3FkS/52XgZypU1RbjGfNDfkDvA1
QOJ9dFyphGywBsmwlU1cR8gERDg2HCAJuXL0PO6FMPz+vte2BPJI7g8nk43bKpeqCIJccZWE58lZOjcI6nRqB30XXTbX1z55ww4M8Jjk310eInUTPqyn/jUD2WzBuSYc9zEu3iH+uVdF9pnUjUUUt9oUBLMlg2rMECaScJrAhc3y6Wleqn/mZt5LM9mGdRyUFL6xdCDGRdWpXX7Kwu7PXSZut5si
KmLkm5COuoY9HqqRM8WGLJdWdXVw4xWb1L0+0/N7e+Zgv8cdJzT57sQGFl59CjgoYCejtCjFpB9qB3/mbf8PvE2njiE6rjTcjSTN5veKhFVLwcNvR+0vcR6datUkcb2zvOCtg3q9/wbIIkKkL3+NIMn1xZgEDTkv4L8EIH0afv4uZlRuKupucLh6WhBz2ALqmVA+j7IifQMNnC580jgTkfXkEaND
06fXZ4hi40cWOxGLHYLHy+n2UUTECRqwqHErxlkh+WymbRlemBHb58ezQvu6W3bRdut+RmN5LudHH1E9RUpaHP/uK/e+d0we+Xhl86ocwhRuJSF4=;
Path=/
* Added cookie
LtpaToken="oo/p0vusSjdPqhIWo0rNt2GNY75yMXFsia8+XFl2h6/3QxESTBkvv/e+lES8mjcJrWyD+v2HlkzV7Q7T6ZQdCDVkN5A3bmSRBhxfhOuS76jiIXOWf1rpbeqFWHmX1ZSXvrQLyEwpkz/+jeJ1ZvIo+1S6cj9M+MWPWibiXARjY2/o5EnZRs7G66xQ1reJLSkmv2
jeQFU+NP4PuRpqfIG/m/cfn/CjGcN0VwRJmOFxCAzmqA9vQRKNZ1yN8zybVr2bOuki0QXxmEk/k1hm8SSSuIBBM6SFNsNd"
for domain xxxxxxx.xxx.xxx.com, path /, expire 0
< Set-Cookie:
LtpaToken=oo/p0vusSjdPqhIWo0rNt2GNY75yMXFsia8+XFl2h6/3QxESTBkvv/e+lES8mjcJrWyD+v2HlkzV7Q7T6ZQdCDVkN5A3bmSRBhxfhOuS76jiIXOWf1rpbeqFWHmX1ZSXvrQLyEwpkz/+jeJ1ZvIo+1S6cj9M+MWPWibiXARjY2/o5EnZRs7G66xQ1reJLSkmv2je
QFU+NP4PuRpqfIG/m/cfn/CjGcN0VwRJmOFxCAzmqA9vQRKNZ1yN8zybVr2bOuki0QXxmEk/k1hm8SSSuIBBM6SFNsNd;
Path=/
< Content-Length: 0
< Content-Type: text/plain
< Content-Language: en
<
* Connection #0 to host xxxxxxx.xxx.xxx.com left intact
(...)

And it works... I don't know why it wouldn't on Linux. I tried to modify the
code so that Linux uses the same certificates as Windows, but it didn't work
also: it pointed to the right certificate files and even told the right
number of certificates, but couldn't decrypt anyway.

The code that does that is the following:

  $curl->setopt(CURLOPT_HEADER,1);
  $curl->setopt(CURLOPT_POST,1);
  $curl->setopt(CURLOPT_FOLLOWLOCATION,1);
  $curl->setopt(CURLOPT_VERBOSE,1);
  $curl->setopt(CURLOPT_SSL_VERIFYHOST,0);
  $curl->setopt(CURLOPT_SSL_VERIFYPEER,0);
# $curl->setopt(CURLOPT_CAINFO,"/home/patola/ibm/curl/curl-ca-bundle.crt");
# This is when I tried to use the windows certificates
#
 $curl->setopt(CURLOPT_ISSUERCERT,"/home/patola/ibm/curl/curl-ca-bundle.crt");
  $curl->setopt(CURLOPT_COOKIEJAR,$cookiesfile);
  $curl->setopt(CURLOPT_COOKIEFILE,$cookiesfile);
  $curl->setopt(CURLOPT_USERAGENT,$useragent);
  $curl->setopt(CURLOPT_URL, $myurl);
  $curl->setopt(CURLOPT_POSTFIELDS, $mypost);
  my $response_body='';

  # NOTE - do not use a typeglob here. A reference to a typeglob is okay
though.
  open (my $fileb, ">", \$response_body);
  $curl->setopt(CURLOPT_WRITEDATA,$fileb);

  if ($options{'verbose'}) { printf "**** ONLY_POST: url=%s, post=%s\n",
$myurl, $mypost }
  # Starts the actual request
  my $retcode = $curl->perform;
  close ($fileb);

Any clues? I don't want to use a program that only works in cygwin... I need
it to work in Linux!

Any response would be appreciated.

Thanks!

ClŠudio "Patola" Sampaio

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-12-28