cURL / Mailing Lists / curl-library / Single Mail

curl-library

example domains now redirected

From: Guenter <lists_at_gknw.net>
Date: Tue, 29 Jan 2013 14:02:20 +0100

The example.[com|edu|net|org] domains are now redirected to
http://www.iana.org/domains/example
which make some of our example codes no longer working unchanged;
I've therefore already added CURLOPT_FOLLOWLOCATION to simple.c and
debug.c which now work fine again; but unfortunately https connections
cant be fixed this way:
curl -Lv https://www.example.com
* About to connect() to www.example.com port 443 (#0)
* Trying 192.0.43.10...
* Connection refused
* couldn't connect to host at www.example.com:443
* Closing connection #0
curl: (7) couldn't connect to host at www.example.com:443

however using the URL to which http redirects works for https:
curl -v https://www.iana.org/domains/example
* About to connect() to www.iana.org port 443 (#0)
* Trying 192.0.32.8...
* connected
* Connected to www.iana.org (192.0.32.8) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: self signed certificate in certificate chain
* Closing connection #0
curl: (60) SSL certificate problem: self signed certificate in
certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html

BTW. while testing this I found that the returned error 60 above seems
wrong or at least misleading because this is a registered certificate:
curl -v --cacert ca-bundle.crt https://www.iana.org/domains/example
* About to connect() to www.iana.org port 443 (#0)
* Trying 192.0.32.8...
* connected
* Connected to www.iana.org (192.0.32.8) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: ca-bundle.crt
   CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
* subject: O=*.iana.org; OU=Domain Control Validated; CN=*.iana.org
* start date: 2011-07-22 23:16:34 GMT
* expire date: 2016-08-29 18:00:14 GMT
* subjectAltName: www.iana.org matched
* issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.;
OU=http://certificates.godaddy.com/repository; CN=
Go Daddy Secure Certification Authority; serialNumber=07969287
* SSL certificate verify ok.
> GET /domains/example HTTP/1.1
> User-Agent: curl/7.28.1
> Host: www.iana.org
> Accept: */*
[snip]

or is it normal that without a ca-bundle.crt all SSL certs are assumed
to be self signed?

I would like to change the URL in https.c to
https://www.iana.org/domains/example
- any objections?

Gün.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-01-29