cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: "Unknown SSL protocol" when accessing server from AIX host

From: Alona Rossen <arossen_at_opentext.com>
Date: Wed, 8 Dec 2010 15:32:36 -0500

On 3 December 2010 23:18, Alona Rossen <arossen_at_opentext.com> wrote:
> We use openssl with libcurl to programmatically access, upload to and
> download from various URL's using https, ftps, and smtps protocols. We can
> successfully perform our tasks on  UNIX/Linux and Windows boxes, including
> Solaris on SPARC and Intel, Linux, etc. However, we consistently receive the
> following type of error message when we attempt to access SSL URL from our
> AIX5.3 and AIX6.1 boxes:
>
> INFO_TEXT:
> SSLv3, TLS handshake, Client hello (1):
>
> INFO_TEXT:
> Unknown SSL protocol error in connection to smtp.gmail.com:587
>
> We use OpenSSL 0.9.8e and 0.9.8p. We use libcurl 7.21.0.
> We have verified that correct installation of OpenSSL is being used.

>>>This sounds like it might be more of an OpenSSL problem than a libcurl >>>problem.

>>>Is the openssl command able to connect:

>>>$ openssl s_client -starttls smtp -connect smtp.gmail.com:587

/usr/local/ssl/bin> smtp -connect smtp.gmail.com:587

CONNECTED(00000003)
depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0

---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDWzCCAsSgAwIBAgIKFMs0nQADAAASjjANBgkqhkiG9w0BAQUFADBGMQswCQYD
VQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzEiMCAGA1UEAxMZR29vZ2xlIElu
dGVybmV0IEF1dGhvcml0eTAeFw0xMDA0MjIyMDAyNDVaFw0xMTA0MjIyMDEyNDVa
MGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N
b3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRcwFQYDVQQDEw5zbXRw
LmdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAz4B46NG2l4Bk
DdccddAuuOssQ4ZxCHoyj+ErdlEqZurVCoGQzAkhZTkzHrmIgYmM6roTbkF/zEaa
2ROe9s4VoL4OgUnoyB0u1KbwrG5PHBbsMdk0r6jMmhh+MORFVYgQrFxJnu8GnHiG
W4QhmKVytu0FclYE+F1gOOx5qIgTVCMCAwEAAaOCASwwggEoMB0GA1UdDgQWBBS1
+KKmwdxtkpKkJgvwhZztqe0uszAfBgNVHSMEGDAWgBS/wDDr9UMRPme6npH7/Gra
42sSJDBbBgNVHR8EVDBSMFCgTqBMhkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dv
b2dsZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNy
bDBmBggrBgEFBQcBAQRaMFgwVgYIKwYBBQUHMAKGSmh0dHA6Ly93d3cuZ3N0YXRp
Yy5jb20vR29vZ2xlSW50ZXJuZXRBdXRob3JpdHkvR29vZ2xlSW50ZXJuZXRBdXRo
b3JpdHkuY3J0MCEGCSsGAQQBgjcUAgQUHhIAVwBlAGIAUwBlAHIAdgBlAHIwDQYJ
KoZIhvcNAQEFBQADgYEAUc39Y22ucA2N4mmDdPMC8DKbrRGlGMpC294mfh3yCkJa
YRWjodFQSgCtFyKhTZ9roFpSEL0D4QxAtLSwtC0bSaSVusfAW3/CFgG/Cya724ic
9UoEosoG8CK+eGoGQuEsZ0xR86J5jOs2H+4QPHFCn594V7ZySzdeQi93YV31RBE=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority
---
No client certificate CA names sent
---
SSL handshake has read 1915 bytes and written 341 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: C15628D929369D3760FAEF75BD40F27893C3FAAAF3832BA27626DA73BA9BB991
    Session-ID-ctx:
    Master-Key: A0D2F464814350D1095C40885D359BF7869A20384A52991E346564C1D26C409C
47715DCFE4F9470D981201547AE43559
    Key-Arg   : None
    Start Time: 1291840272
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
250 PIPELINING
502 5.5.1 Unrecognized command. k2sm1125862ybj.8
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2010-12-08