cURL / Mailing Lists / curl-library / Single Mail

curl-library

GnuTLS hostname/IP checking, and 'Did you pass a valid GnuTLS cipher list'

From: David Woodhouse <dwmw2_at_infradead.org>
Date: Sat, 12 Jul 2014 17:28:24 +0100

It looks like curl needs the same workaround for GnuTLS failing to check
IP addresses in gnutls_x509_crt_check_hostname(), as implemented at
http://git.infradead.org/users/dwmw2/openconnect.git/blob/HEAD:/gnutls.c#l1795

I couldn't get as far as validating that though; having configured the
git tree with --with-gnutls I can't make an https connection at all. I
just get:

* found 182 certificates in /etc/pki/tls/certs/ca-bundle.crt
* Did you pass a valid GnuTLS cipher list?
* Closing connection 0=
curl: (35) Did you pass a valid GnuTLS cipher list?

-- 
dwmw2

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

application/x-pkcs7-signature attachment: smime.p7s

Received on 2014-07-12

This message: [ Message body ]
Next message: David Woodhouse: "[PATCH] GnuTLS: Work around failure to check certs against IP addresses"
Previous message: David Woodhouse: "Re: problem using NTLM authentication with default OS credentials"
Next in thread: David Woodhouse: "[PATCH] GnuTLS: Work around failure to check certs against IP addresses"
Reply: David Woodhouse: "[PATCH] GnuTLS: Work around failure to check certs against IP addresses"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]