The --tlsauthtype command-line option will attempt to use TLS-SRP but fail to send the username in the Client Hello message if specified as 'srp' (instead of 'SRP').
This causes the handshake to always fail with: curl: (35) error:1407745B:SSL routines:SSL23_GET_SERVER_HELLO:reason(1115)) (the "Unknown PSK Identity" alert):
/usr/local/bin/curl -ik -vvv --tlsuser alice --tlspassword password123 https://localhost:8443/ --tlsauthtype SRP # works
/usr/local/bin/curl -ik -vvv --tlsuser alice --tlspassword password123 https://localhost:8443/ --tlsauthtype foo # fails with invalid --tlsauthtype, as expected
/usr/local/bin/curl -ik -vvv --tlsuser alice --tlspassword password123 https://localhost:8443/ --tlsauthtype srp # fails with reason(1115) - not expected
--tlsauthtype srp is missing:
TLS client extension "SRP" (id=12), len=6
0000 - 05 61 6c 69 63 65 .alice
This is caused by src/tool_getparam.c doing a case-insensitive comparison using strequal() but lib/url.c using the case-sensitive strncmp().
Patch attached to change lib/url.c to the case-insensitive strnequal() to fix this. Tested on curl 7.28.0 with OpenSSL 1.0.1c.
Thanks for the report, this problem is now fixed in the git repository.
To try it out, you either checkout/update your git clone: http://curl.haxx.se/source.html
or you try tomorrow's daily snapshot: http://curl.haxx.se/snapshots/