cURL
Haxx ad
libcurl
Mailing Lists

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-users Mailing List Archives

Re: curl https hang problem

From: Sid Chang <sid_at_adth.com>
Date: Thu, 05 Oct 2006 19:54:08 -0400

>> But, when I tested curl with https, it simply hangs, while http works
fine.
>> What may have gone wrong here?
>
>Hard to tell, you need to do some debugging around curl's use of the OpenSSL
>functions. Could it be a bad random device configured?

Dan, Good hunch. I picked the wrong random device - random instead of urandom.
Now I'm getting "error:14090086...". Could you translate that into
simpler terms?
Btw, the https test server (see clip below) has a valid and current Thawte
SSL cert.

----------------------------------------------------------------------------------------------------------------
# cd /mnt/curl/bin
# ./curl -v 'https://b2b.adth.com'
* About to connect() to b2b.adth.com port 443
* Trying 67.90.130.174... connected
* Connected to b2b.adth.com (67.90.130.174) port 443
* successfully set certificate verify locations:
* CAfile: /mnt/curl/share/curl/curl-ca-bundle.crt
   CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS alert, Server hello (2):
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
faild* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
faildMore details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
  of Certificate Authority (CA) public keys (CA certs). The default
  bundle is named curl-ca-bundle.crt; you can specify an alternate file
  using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
  the bundle, the certificate verification probably failed due to a
  problem with the certificate (it might be expired, or the name might
  not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
  the -k (or --insecure) option.

Sid
Received on 2006-10-06

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET