SSL: couldn't set callback!
Date: Tue, 27 Apr 2010 12:02:13 +0100
Solaris 10 (Sparc) / OpenSSL 0.9.8l / Curl 1.20.1
I have had to anonymise server names / paths for security reasons....
curl -v https://<server >:5055/services --cacert /<path to> /ca-bundle.pem
--key /<path to KEY> .pem
* About to connect() to <Server> port 5055 (#0)
* Trying <IP Address> ... connected
* Connected to <Host> (<ip address) port 5055 (#0)
* SSL: couldn't set callback!
* successfully set certificate verify locations:
* CAfile: /<path to> ca-bundle.pem
* error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected
* Closing connection #0
curl: (35) error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
# curl -V
curl 7.20.1 (sparc-sun-solaris2.10) libcurl/7.20.1 OpenSSL/0.9.8l zlib/1.2.3
Protocols: dict file ftp ftps http https imap imaps ldap pop3 pop3s rtsp scp
sftp smtp smtps telnet tftp
Features: IDN IPv6 Largefile NTLM SSL libz
So is it Curl or OpenSSL ?
> openssl s_client -connect <the same host>:5055 -key /<Path to key>.pem
-cert /<path to cert>.pem -CAfile /<path to CA> /ca-bundle.pem
depth=1 /C=GB/ST=XXXXX/L=XXXX/O=XXXX/OU=XXXX/CN=XXXXX AMS Certification
<snip the certs etc >
SSL handshake has read 1600 bytes and written 2045 bytes
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Key-Arg : None
Start Time: 1272347229
Timeout : 300 (sec)
Verify return code: 0 (ok)
So SSL Connects, exchanges keys and it all works....
Ideas and suggestions welcome.
-- Alex Collins. Library Systems and Support Officer. Rivermead Library. Tel: 0845 196 3722 firstname.lastname@example.org http://libweb.anglia.ac.uk This product is printed with 100% recycled electrons ! -- EMERGING EXCELLENCE: In the Research Assessment Exercise (RAE) 2008, more than 30% of our submissions were rated as 'Internationally Excellent' or 'World-leading'. Among the academic disciplines now rated 'World-leading' are Allied Health Professions & Studies; Art & Design; English Language & Literature; Geography & Environmental Studies; History; Music; Psychology; and Social Work & Social Policy & Administration. Visit www.anglia.ac.uk/rae for more information. This e-mail and any attachments are intended for the above named recipient(s)only and may be privileged. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone please reply to this e-mail to highlight the error and then immediately delete the e-mail from your system. Any opinions expressed are solely those of the author and do not necessarily represent the views or opinions of Anglia Ruskin University. Although measures have been taken to ensure that this e-mail and attachments are free from any virus we advise that, in keeping with good computing practice, the recipient should ensure they are actually virus free. Please note that this message has been sent over public networks which may not be a 100% secure communications Email has been scanned for viruses by Altman Technologies' email management service - www.altman.co.uk/emailsystems ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-users FAQ: http://curl.haxx.se/docs/faq.html Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2010-04-27