Re: php curl insecure connection option is skipped

I Ran the following

-sh-4.2$ HOST=<myhost>; echo | openssl s_client -servername $HOST -connect
$HOST:443 2>/dev/null | openssl x509 -noout -checkhost $HOST
unable to load certificate
139697300731712:error:0906D06C:PEM routines:PEM_read_bio:no start
line:crypto/pem/pem_lib.c:691:Expecting: TRUSTED CERTIFICATE

I added a self signed certificate for this host. Could that be a reason?

On Wed, May 8, 2019 at 11:48 AM Ray Satiro via curl-library <
curl-library_at_cool.haxx.se> wrote:

> On 5/8/2019 12:32 AM, surya chandrika wrote:
>
> Disabling CURLOPT_SSL_VERIFYHOST worked. Yes as you said this is not
> recommended.
> But am not sure why certificate with correct hostname is not recognized
> from uploaded certificate.
> I added certificate in path "/etc/pki/ca-trust/source/anchors/
> In verbose mode it says it got 5 certificate
>
> * found 171 certificates in /etc/pki/tls/certs/ca-bundle.crt
> * *found 5 certificates in /etc/pki/ca-trust/source/anchors/*
>
> *But throw error *SSL: certificate subject name (#1300) does not match
> target host name 'abc.com
>
> Any idea why certificate is not recognized
>
>
> If abc.com is a hostname in the certificate then you should not see that
> message. Check if OpenSSL gives different results:
>
> (HOST=abc.com ; echo | openssl s_client -servername $HOST -connect
> $HOST:443 2>/dev/null | openssl x509 -noout -checkhost $HOST)
>
> Instead of -checkhost $HOST you can use -text to dump the certificate
> details. You should see the hostname in X509v3 Subject Alternative Name.
>
> -------------------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
> Etiquette: https://curl.haxx.se/mail/etiquette.html

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-05-10