cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: connect failed

From: Jill Tovey <jill.tovey_at_bigbluedoor.com>
Date: 08 Apr 2003 15:14:52 +0100

okay,

well I am narrowing it down to a certificate error.

on looking at the url:

https://localhost/snortcenter/sensor.php?

it returns
curl: (35) SSL: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

however, telling curl to ignore it

( curl -k https://localhost/snortcenter/sensor.php? )

doesn't do anything?

so...

resorting to creating a certificate,

I am following the apache FAQ, but obviously I am doing something
wrong..

hopefully someone here might have an idea what, so here is what I have
put in the httpd.conf:

<VirtualHost "https://localhost/snortcenter/sensor.php:443">
SSLEnable
SSLCertificateFile /usr/lib/ssl/certs/httpsd.pem
SSLCertificateKeyFile /usr/lib/ssl/certs/private/httpsd.pem
SSLVerifyClient 0
SSLVerifyDepth 10
SSLRequiredCiphers
NULL-MD5:RC4-MD5:EXP-RC4-MD5:RC2-CBC-MD5:IDEA-CBC-MD5:DES-CBC-MD5:DES-CBC-SHA:DES-CBC3-MD5:DES-CBC3-SHA:DES-CFB-M1
SSLRequireCipher NULL-MD5 RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5 IDEA-CBC-MD5
DES-CBC-MD5 DES-CBC-SHA DES-CBC3-MD5 DES-CBC3-SHA DES-CFB-M1
SSLBanCipher NULL
</VirtualHost>

on typing "httpd reload"
it tells me there is a syntax error and the port must be numeric
443 - it is numeric isn't it ?!

On Tue, 2003-04-08 at 11:49, Ralph Mitchell wrote:
> Jill wrote:
>
> > On Tue, 2003-04-08 at 11:13, Daniel Stenberg wrote:
> > > On Tue, 8 Apr 2003, Jill wrote:
> > >
> > > > I have gone through both the curl and snort archives but found no solution.
> > > >
> > > > I am trying to connect my snort sensor on 127.0.0.1:2525
> > > >
> > > > and I get this sensor message:
> > > > curl: (7) Connect failed
> > >
> > [ snip ]
> > >
> > > > I have also seen issues related to proxies - I am not using a proxy but a
> > > > router (DG814) and I have forwarded port 2525 to 127.0.0.1.
> > >
> > > You forwarded a port to an IP adress?
> > >
> > yes
>
> OK, wait a minute... Is this snort sensor on the same box as everything else
> (apache, your browser, etc)? Or is it something that lurks on your network?
>
> If it's a separate box, how did you forward the port? Because if you told just
> told it to forward to 127.0.0.1, that's the loopback address for itself, and the
> info will go nowhere.
>
> Without giving away anything sensitive, can you give us a little more detail about
> how things are connected together? I.e. Box A(snort sensor) -> Box B(router) ->
> Box C(web server), etc. I get the feeling we're starting in the middle of a
> conversation and have missed something vital...
>
> Ralph Mitchell
>
>
>
> > > > I have also tried taking down the firewall but no joy.
> > >
> > > What for?
> >
> > pass
> > >
> > > > I can't connect to port 2525 at all, but can't see why!
> > >
> > > What are you running on that port then? Have you verified that it works?
> > >
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: ValueWeb:
> Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
> No other company gives more support or power for your dedicated server
> http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/

-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb:
Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
Received on 2003-04-08