curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: SSL connect error

From: Thierry Huchard via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 09 Dec 2021 09:12:09 +0100

Le 2021-12-08 18:03, Dan Fandrich via curl-library a écrit :
> On Wed, Dec 08, 2021 at 02:53:54PM +0100, Thierry Huchard via
> curl-library wrote:
>> I am the maintainer of the sane-escl backend, I have an error on an
>> https
>> access on a canon XK90 scanner.
>> If you have an idea of why and how to bypass it, I'm interested!
>>
>> curl_handle = curl_easy_init();
>> curl_easy_setopt(curl_handle, CURLOPT_URL,
>> "https://192.168.yyy.xxx:443/eSCL/ScannerCapabilities");
>> curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0L);
>> curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0L);
>> curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION,
>> memory_callback_c);
>> curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)var);
>> curl_easy_setopt(curl_handle, CURLOPT_HEADERFUNCTION,
>> header_callback);
>> curl_easy_setopt(curl_handle, CURLOPT_HEADERDATA, (void *)header);
>> curl_easy_setopt(curl_handle, CURLOPT_FOLLOWLOCATION, 1L);
>> curl_easy_setopt(curl_handle, CURLOPT_MAXREDIRS, 3L);
>> CURLcode res = curl_easy_perform(curl_handle);
>> if (res != CURLE_OK) {
>> printf("respond: %s\n", curl_easy_strerror(res)); //
>> respond: SSL
>> connect error
>
> Could it be similar to Github issue #5356? Namely, the scanner is
> running
> years-old firmware that uses a long-obsolete TLS version and OpenSSL is
> now refusing to talk to it for security reasons? What TLS back-end is
> your
> libcurl using? What TLS version does the scanner want to use?

On FreeBSD 12.2-RELEASE, the version of OpenSSL is 1.1.1k and curl is
7.73.0
For the device in question the documentation is not easy to read, the
ideal would have been in French, I could have arranged with English, but
Japanese, not possible!
So I have no information about it, I know that http requests work. I
would have liked to force the discussion.
I will test the https connection and switch to http if it fails...
Thanks for the feedback!

Thierry
-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2021-12-09