
curl-library

Re: SSL certificate problem different behavior

From: bill dr <bilel.dr_at_gmail.com>
Date: Tue, 28 Jan 2014 17:36:21 +0100

Hi,

Thank you for your responses.
In fact, I am compiling with OpenEmbedded; I don't have the "openssl" executable
on my embedded platform. I have only .so files.
Could that lead to the problem that I am facing?

Thank you !

2014-01-07 Dima Tisnek <dimaqq_at_gmail.com>

> Please validate both platforms with "openssl s_client" first.
> When it comes to embedded, the first error cause that comes to mind is
> wrong or unset system time. Date and time are required to validate
> the certificate chain.
>
> On 3 January 2014 18:43, bill dr <bilel.dr_at_gmail.com> wrote:
> > Hi all,
> > I am using libcurl to download files from an https server using a
> > self-signed cert file.
> > The small code that I wrote is working on my Ubuntu PC but not working
> > on the target platform.
> > I also tested with command-line curl and I had the same certification
> > issue.
> > The two platforms are quite different but I don't know the root cause
> > of this problem.
> >
> > Following are the command used on both platforms and the output that I
> > got, plus the result of the curl -V command on both platforms:
> >
> >
> >
> > curl -v --digest --noproxy 10.1.1.93 --user test:test --cacert
> > server.crt https://10.1.1.93/test.txt
> >
> >
> >
> ----------------------------------------------------------------------------------------------
> > result in PC:
> >
> >
> > * About to connect() to 10.1.1.93 port 443 (#0)
> > * Trying 10.1.1.93... connected
> > * Connected to 10.1.1.93 (10.1.1.93) port 443 (#0)
> > * successfully set certificate verify locations:
> > * CAfile: server.crt
> > CApath: /etc/ssl/certs
> > * SSLv3, TLS handshake, Client hello (1):
> > * SSLv3, TLS handshake, Server hello (2):
> > * SSLv3, TLS handshake, CERT (11):
> > * SSLv3, TLS handshake, Server key exchange (12):
> > * SSLv3, TLS handshake, Server finished (14):
> > * SSLv3, TLS handshake, Client key exchange (16):
> > * SSLv3, TLS change cipher, Client hello (1):
> > * SSLv3, TLS handshake, Finished (20):
> > * SSLv3, TLS change cipher, Client hello (1):
> > * SSLv3, TLS handshake, Finished (20):
> > * SSL connection using DHE-RSA-AES256-SHA
> > * Server certificate:
> > * subject: ...............
> > * start date: 2013-12-19 11:30:22 GMT
> > * expire date: 2023-12-17 11:30:22 GMT
> > * common name: 10.1.1.93 (matched)
> > * issuer:......................
> > * SSL certificate verify ok.
> > * Server auth using Digest with user 'test'
> >> GET /suota_manifest.json HTTP/1.1
> >> User-Agent: curl/7.19.7 (i486-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
> >> Host: 10.1.1.93
> >> Accept: */*
> >
> >
> --------------------------------------------------------------------------------------------
> >
> > curl -V
> > curl 7.19.7 (i486-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k
> > zlib/1.2.3.3 libidn/1.15
> > Protocols: tftp ftp telnet dict ldap ldaps http file https ftps
> > Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
> >
> >
> ----------------------------------------------------------------------------------------------
> >
> >
> > result in embedded platform:
> >
> >
> >
> > * About to connect() to 10.1.1.93 port 443 (#0)
> > * Trying 10.1.1.93...
> > * connected
> > * Connected to 10.1.1.93 (10.1.1.93) port 443 (#0)
> > * successfully set certificate verify locations:
> > * CAfile: server.crt
> > CApath: none
> > * SSLv3, TLS handshake, Client hello (1):
> > * SSLv3, TLS handshake, Server hello (2):
> > * SSLv3, TLS handshake, CERT (11):
> > * SSLv3, TLS alert, Server hello (2):
> > * SSL certificate problem, verify that the CA cert is OK. Details:
> > error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> > verify failed
> > * Closing connection #0
> > curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
> > error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> > verify failed
> > More details here: http://curl.haxx.se/docs/sslcerts.html
> >
> > curl performs SSL certificate verification by default, using a "bundle"
> > of Certificate Authority (CA) public keys (CA certs). If the default
> > bundle file isn't adequate, you can specify an alternate file
> > using the --cacert option.
> > If this HTTPS server uses a certificate signed by a CA represented in
> > the bundle, the certificate verification probably failed due to a
> > problem with the certificate (it might be expired, or the name might
> > not match the domain name in the URL).
> > If you'd like to turn off curl's verification of the certificate, use
> > the -k (or --insecure) option.
> >
> >
> ----------------------------------------------------------------------------------------------
> >
> > curl -V
> > curl 7.24.0 (arm-angstrom-linux-gnueabi) libcurl/7.24.0 OpenSSL/1.0.0j
> > zlib/1.2.6 libidn/1.24
> > Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
> > rtsp smtp smtps telnet tftp
> > Features: IDN NTLM NTLM_WB SSL libz
> >
> >
> ----------------------------------------------------------------------------------------------
> >
> > Could you please help me to find what is going wrong ?
> > Thank you!
> > -------------------------------------------------------------------
> > List admin: http://cool.haxx.se/list/listinfo/curl-library
> > Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2014-01-28
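
The system-time check suggested in the quoted reply can be done on a target that has no "openssl" executable. The script below is an added example, not part of the original mails: it reads the "start date" and "expire date" lines that curl -v printed on the PC and compares them with a clock value. The function names and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the two validity lines from the "result in PC" log above.
# Quoted copies ("> > * start date: ...") parse the same way.
SAMPLE_LOG='* start date: 2013-12-19 11:30:22 GMT
* expire date: 2023-12-17 11:30:22 GMT'

# stamp_of LOG LABEL: turn "LABEL: 2013-12-19 11:30:22 GMT" into 20131219113022.
stamp_of() {
    printf '%s\n' "$1" |
        sed -n "s/.*$2: *\([0-9-]*\) \([0-9:]*\) GMT.*/\1\2/p" |
        tr -d ':-' | head -n 1
}

# lt A B: true when stamp A sorts before stamp B. The "x" prefix makes expr
# compare strings, so 14-digit stamps work even with 32-bit shell arithmetic.
lt() { expr "x$1" \< "x$2" >/dev/null; }

# check_clock LOG NOW: classify NOW (UTC, YYYYmmddHHMMSS) against the
# certificate validity window found in LOG and print the verdict.
check_clock() {
    nb=$(stamp_of "$1" 'start date')
    na=$(stamp_of "$1" 'expire date')
    if [ -z "$nb" ] || [ -z "$na" ]; then
        echo "no-dates"
    elif lt "$2" "$nb"; then
        echo "clock-before-start"    # typical for an unset clock on a target
    elif lt "$na" "$2"; then
        echo "clock-after-expiry"
    else
        echo "clock-ok"
    fi
    return 0
}

# On the device: compare the current UTC clock with the window.
check_clock "$SAMPLE_LOG" "$(date -u +%Y%m%d%H%M%S)"
```

A "clock-ok" verdict rules out only the time cause; the failed log on the target prints no certificate dates, so the window has to come from the PC output or from the certificate's issuer.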