cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Reg:curl NSS -12886 Error in TLS handshake

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Wed, 22 May 2013 12:02:49 +0200

On Wednesday, May 22, 2013 10:47:09 praveen wrote:
> Hi,
>
> I am getting NSS -12286 error while trying to load the https page using
> the ca certificate using cacertinpem.c curl c code.
> i am using cacert.pem file in the code alog with path. but same thing is
> working when i try using curl -v "https://sampleserve.com:443",in this
> case ssl is taking default ca path as "/etc/tls/certs/ca.budle.crt"
>
> But this c code is not working for both default ca location and external
> path selection of ca aswell.
>
> What is the reason for this error(NSS -12286).

-12286 is SSL_ERROR_NO_CYPHER_OVERLAP, you can lookup the error code here:

http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html

If you update to new enough versions of libcurl and NSS, you will get the
human-readable error code and the corresponding error message directly.

> rv=curl_easy_setopt(ch,CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);

The documentation of CURLOPT_SSL_CTX_FUNCTION [1] says:

    This option does only function for libcurl powered by OpenSSL. If libcurl
    was built against another SSL library, this functionality is absent.

and libcurl on your box apparently uses NSS as the SSL library, not OpenSSL.

Kamil

[1] http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTSSLCTXFUNCTION
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-05-22