curl-library

7.39.0 Test 2034 (https get with SSL pinning) failing on RHEL 5 and 6

From: Paul Howarth <paul_at_city-fan.org>
Date: Wed, 05 Nov 2014 12:53:29 +0000

Perhaps this is related to the relatively old OpenSSL versions in these
OSes?

Relevant logs seem to be:

=== Start of file stderr2034
    % Total % Received % Xferd Average Speed Time Time Time Current
                                   Dload Upload Total Spent Left Speed

    0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (90) SSL: public key does not match pinned public key
=== End of file stderr2034

=== Start of file trace2034
  12:07:33.308497 == Info: Hostname was NOT found in DNS cache
  12:07:33.308646 == Info: Trying ::1...
  12:07:33.308850 == Info: connect to ::1 port 8981 failed: Connection refused
  12:07:33.308877 == Info: Trying 127.0.0.1...
  12:07:33.308943 == Info: Connected to localhost (127.0.0.1) port 8981 (#0)
  12:07:33.309370 == Info: successfully set certificate verify locations:
  12:07:33.309376 == Info: CAfile: ./certs/EdelCurlRoot-ca.crt
    CApath: none
  12:07:33.309453 == Info: SSLv3, TLS handshake, Client hello (1):
  12:07:33.309459 => Send SSL data, 246 bytes (0xf6)
  0000: ......TZ..:..Q1).v.E.=......En '...f.R..x.0.,.(.$.........k.j.9.
  0040: 8.....2...*.&.......=.5.../.+.'.#.........g.@.3.2.........E.D...
  0080: ..1.-.).%...........<./...A.........Q.........localhost.........
  00c0: ..............". .....................................
  12:07:33.309634 == Info: SSLv3, TLS handshake, Server hello (2):
  12:07:33.309670 <= Recv SSL data, 847 bytes (0x34f)
  0000: ...K..H..E0..A0..)...........|j0...*.H........0g1.0...U....NN110
  0040: /..U...(Edel Curl Arctic Illudium Research Cloud1%0#..U....Nothe
  0080: rn Nowhere Trust Anchor0...100527213711Z..180813213711Z0T1.0...U
  00c0: ....NN110/..U...(Edel Curl Arctic Illudium Research Cloud1.0...U
  0100: ....localhost0..0...*.H............0.......'y&,.......v....h..rw
  0140: .8.`.q...&{!.m...v.l.*-}..o.X.....%..WI.....y..m....g.?.1....9i.
  0180: ....[.r...k.fc.a)........UWa.J......eB.gd.........0..0...U....0.
  01c0: ..localhost0...U....... 0...U.%..0...+.......0...U.......i..p:..
  0200: .*p.;G..?..m0...U.#..0....>.9..\.&..L&i!..N6.0...U.......0.0...*
  0240: .H.............{......8...x..0]....n.Zst..0I..y.Z.q.._..Z..mA...
  0280: O..e.....yb..t......_.(...V...........X.m..D......=:.. r.88....`
  02c0: ?N0@.V)p...._p..Q.... Nv.....%.:.&.P*...!.... ...7....zS.&.8,...
  0300: .....2...5...D.C.#..D.... 7...!OK..M.A..N.).....<u.C..+.........
  0340: s.^.8}........u
  12:07:33.309982 == Info: SSLv3, TLS handshake, Server finished (14):
  12:07:33.309987 <= Recv SSL data, 4 bytes (0x4)
  0000: ....
  12:07:33.310125 == Info: SSLv3, TLS handshake, Client key exchange (16):
  12:07:33.310130 => Send SSL data, 134 bytes (0x86)
  0000: ......sw]K.m.9....E*.F....X]..../t.c.!....S.<b.1JT.._....r...=..
  0040: .".^?kr....y....!^?...|....C^?.Dr-.S.....".;........!.}]YSat._*u.%.
  0080: .3....
  12:07:33.310147 == Info: SSLv3, TLS change cipher, Client hello (1):
  12:07:33.310150 => Send SSL data, 1 bytes (0x1)
  0000: .
  12:07:33.310214 == Info: SSLv3, TLS handshake, Finished (20):
  12:07:33.310218 => Send SSL data, 16 bytes (0x10)
  0000: .....-E.46.Y...P
  12:07:33.310804 == Info: SSLv3, TLS change cipher, Client hello (1):
  12:07:33.310810 <= Recv SSL data, 1 bytes (0x1)
  0000: .
  12:07:33.310863 == Info: SSLv3, TLS handshake, Finished (20):
  12:07:33.310868 <= Recv SSL data, 16 bytes (0x10)
  0000: .......L.fxW[...
  12:07:33.310882 == Info: SSL connection using TLSv1.2 / AES256-GCM-SHA384
  12:07:33.310887 == Info: Server certificate:
  12:07:33.310897 == Info: subject: C=NN; O=Edel Curl Arctic Illudium Research Cloud; CN=localhost
  12:07:33.310902 == Info: start date: 2010-05-27 21:37:11 GMT
  12:07:33.310906 == Info: expire date: 2018-08-13 21:37:11 GMT
  12:07:33.310918 == Info: subjectAltName: localhost matched
  12:07:33.310929 == Info: issuer: C=NN; O=Edel Curl Arctic Illudium Research Cloud; CN=Nothern Nowhere Trust Anchor
  12:07:33.310933 == Info: SSL certificate verify ok.
  12:07:33.310947 == Info: SSL: public key does not match pinned public key
  12:07:33.310955 == Info: Closing connection 0
  12:07:33.310982 == Info: SSLv3, TLS alert, Client hello (1):
  12:07:33.310987 => Send SSL data, 2 bytes (0x2)
  0000: ..
=== End of file trace2034

Any thoughts?

Paul.
Received on 2014-11-05