
Re: SSL connect error

From: Daniel Fruzynski via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 09 Dec 2021 12:49:17 +0100

On 2021-12-09 09:12, Thierry Huchard via curl-library wrote:
> On 2021-12-08 18:03, Dan Fandrich via curl-library wrote:
>> On Wed, Dec 08, 2021 at 02:53:54PM +0100, Thierry Huchard via
>> curl-library wrote:
>>> I am the maintainer of the sane-escl backend, I have an error on an https
>>> access on a Canon XK90 scanner.
>>> If you have an idea of why and how to bypass it, I'm interested!
>>>
>>> curl_handle = curl_easy_init();
>>> curl_easy_setopt(curl_handle, CURLOPT_URL, "https://192.168.yyy.xxx:443/eSCL/ScannerCapabilities");
>>> curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0L);
>>> curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0L);
>>> curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, memory_callback_c);
>>> curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)var);
>>> curl_easy_setopt(curl_handle, CURLOPT_HEADERFUNCTION, header_callback);
>>> curl_easy_setopt(curl_handle, CURLOPT_HEADERDATA, (void *)header);
>>> curl_easy_setopt(curl_handle, CURLOPT_FOLLOWLOCATION, 1L);
>>> curl_easy_setopt(curl_handle, CURLOPT_MAXREDIRS, 3L);
>>> CURLcode res = curl_easy_perform(curl_handle);
>>> if (res != CURLE_OK) {
>>>     printf("respond: %s\n", curl_easy_strerror(res)); // respond: SSL connect error
>>> }
>>
>> Could it be similar to GitHub issue #5356? Namely, the scanner is running
>> years-old firmware that uses a long-obsolete TLS version and OpenSSL is
>> now refusing to talk to it for security reasons? What TLS back-end is your
>> libcurl using? What TLS version does the scanner want to use?
>
> On FreeBSD 12.2-RELEASE, the version of OpenSSL is 1.1.1k and curl is 7.73.0.
> For the device in question the documentation is not easy to read, the
> ideal would have been in French, I could have arranged with English,
> but Japanese, not possible!
> So I have no information about it, I know that http requests work. I
> would have liked to force the discussion.
> I will test the https connection and switch to http if it fails...
> Thanks for the feedback!
>
> Thierry

Try running the following command; it will print more details about what was
going on during the connection process:

curl -vk https://192.168.yyy.xxx:443/eSCL/ScannerCapabilities

You can also capture packets using Wireshark and check what happened
during the TLS handshake.

Daniel
Received on 2021-12-09
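
An added example, not part of the thread or of curl itself: one way to answer the question "What TLS version does the scanner want to use?" is to offer the device exactly one TLS version per attempt and record which handshakes succeed. The function names and the `CURL` override variable are assumptions made for this sketch; the URL is the placeholder used in the thread.

```shell
#!/bin/sh
# Added example: probe which TLS protocol versions an HTTPS device accepts.
# CURL is an assumed override hook (not a curl feature); it defaults to the
# curl binary found in PATH.
CURL="${CURL:-curl}"

# probe_tls_versions URL
# Prints one line per version: "<version> ok" or "<version> fail(<exit code>)".
# --tlsv1.X sets the minimum and --tls-max 1.X the maximum, so each attempt
# offers exactly one protocol version to the device.
probe_tls_versions() {
    url=$1
    for v in 1.0 1.1 1.2 1.3; do
        rc=0
        # -k mirrors the thread's VERIFYPEER/VERIFYHOST = 0 (device certificate
        # is not verified); -s and -o /dev/null keep the output quiet.
        "$CURL" -sk -o /dev/null --connect-timeout 5 \
            "--tlsv$v" --tls-max "$v" "$url" || rc=$?
        if [ "$rc" -eq 0 ]; then
            echo "$v ok"
        else
            # Exit code 35 is curl's "SSL connect error", the error reported
            # in the thread; 7 (connect failed) or 28 (timeout) point to a
            # network problem rather than a TLS one.
            echo "$v fail($rc)"
        fi
    done
}

# newest_tls_version URL
# Prints the newest version the device accepted, or "none".
newest_tls_version() {
    probe_tls_versions "$1" |
        awk '$2 == "ok" { v = $1 } END { print (v == "" ? "none" : v) }'
}

# Run the probe when a URL is given on the command line, e.g.
#   sh probe.sh https://192.168.yyy.xxx:443/eSCL/ScannerCapabilities
[ $# -eq 0 ] || probe_tls_versions "$1"
```

A version that fails here may be refused by the local TLS library rather than by the device, so compare the result with the `curl -vk` output or the packet capture suggested above.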