curl-library
7.39.0 Test 2034 (https get with SSL pinning) failing on RHEL 5 and 6
Date: Wed, 05 Nov 2014 12:53:29 +0000
Perhaps this is related to the relatively old OpenSSL versions in these
OSes?
Relevant logs seem to be:
=== Start of file stderr2034
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (90) SSL: public key does not match pinned public key
=== End of file stderr2034
=== Start of file trace2034
12:07:33.308497 == Info: Hostname was NOT found in DNS cache
12:07:33.308646 == Info: Trying ::1...
12:07:33.308850 == Info: connect to ::1 port 8981 failed: Connection refused
12:07:33.308877 == Info: Trying 127.0.0.1...
12:07:33.308943 == Info: Connected to localhost (127.0.0.1) port 8981 (#0)
12:07:33.309370 == Info: successfully set certificate verify locations:
12:07:33.309376 == Info: CAfile: ./certs/EdelCurlRoot-ca.crt
CApath: none
12:07:33.309453 == Info: SSLv3, TLS handshake, Client hello (1):
12:07:33.309459 => Send SSL data, 246 bytes (0xf6)
0000: ......TZ..:..Q1).v.E.=......En '...f.R..x.0.,.(.$.........k.j.9.
0040: 8.....2...*.&.......=.5.../.+.'.#.........g.@.3.2.........E.D...
0080: ..1.-.).%...........<./...A.........Q.........localhost.........
00c0: ..............". .....................................
12:07:33.309634 == Info: SSLv3, TLS handshake, Server hello (2):
12:07:33.309670 <= Recv SSL data, 847 bytes (0x34f)
12:07:33.309982 == Info: SSLv3, TLS handshake, Server finished (14):
12:07:33.309987 <= Recv SSL data, 4 bytes (0x4)
0000: ....
12:07:33.310125 == Info: SSLv3, TLS handshake, Client key exchange (16):
12:07:33.310130 => Send SSL data, 134 bytes (0x86)
0000: ......sw]K.m.9....E*.F....X]..../t.c.!....S.<b.1JT.._....r...=..
0040: .".^?kr....y....!^?...|....C^?.Dr-.S.....".;........!.}]YSat._*u.%.
0080: .3....
12:07:33.310147 == Info: SSLv3, TLS change cipher, Client hello (1):
12:07:33.310150 => Send SSL data, 1 bytes (0x1)
0000: .
12:07:33.310214 == Info: SSLv3, TLS handshake, Finished (20):
12:07:33.310218 => Send SSL data, 16 bytes (0x10)
0000: .....-E.46.Y...P
12:07:33.310804 == Info: SSLv3, TLS change cipher, Client hello (1):
12:07:33.310810 <= Recv SSL data, 1 bytes (0x1)
0000: .
12:07:33.310863 == Info: SSLv3, TLS handshake, Finished (20):
12:07:33.310868 <= Recv SSL data, 16 bytes (0x10)
0000: .......L.fxW[...
12:07:33.310882 == Info: SSL connection using TLSv1.2 / AES256-GCM-SHA384
12:07:33.310887 == Info: Server certificate:
12:07:33.310897 == Info: subject: C=NN; O=Edel Curl Arctic Illudium Research Cloud; CN=localhost
12:07:33.310902 == Info: start date: 2010-05-27 21:37:11 GMT
12:07:33.310906 == Info: expire date: 2018-08-13 21:37:11 GMT
12:07:33.310918 == Info: subjectAltName: localhost matched
12:07:33.310929 == Info: issuer: C=NN; O=Edel Curl Arctic Illudium Research Cloud; CN=Nothern Nowhere Trust Anchor
12:07:33.310933 == Info: SSL certificate verify ok.
12:07:33.310947 == Info: SSL: public key does not match pinned public key
12:07:33.310955 == Info: Closing connection 0
12:07:33.310982 == Info: SSLv3, TLS alert, Client hello (1):
12:07:33.310987 => Send SSL data, 2 bytes (0x2)
0000: ..
=== End of file trace2034
Any thoughts?
Paul.
Received on 2014-11-05