curl / Mailing Lists / curl-users / Single Mail

curl-users

Re: A error log when used the curl command tool in embedded linux device

From: Ray Satiro via curl-users <curl-users_at_cool.haxx.se>
Date: Tue, 13 Dec 2016 14:36:04 -0500

On 12/13/2016 4:44 AM, 杨俊 wrote:
> I'm sorry I don't know what SNI is. >"<
> Could you tell me more details?
> >So you got the cert for the default site on the machine and not for
> curl.haxx.se <http://curl.haxx.se/>
> Is this meaning I got the cacert.pem from the website, but the machine
> actually didn't use it?

I'm going to answer all of your e-mails at once here. Please do not
top-post [1], it is bad etiquette on mailing lists because it makes the
conversation hard to follow, and hard to quote. Like right now I could
try to put all your replies in context but it's more work because you
top-posted.

You are obviously new at this. We get it. Also I think some of the
confusion may be due the differences between English and Chinese
languages. But you have to put in some work. You could at least do a
google search or two. SNI stands for Server Name Indication [2]. It is
widely used. The reason your OpenSSL command shows the certificate for
'anja.haxx.se' is because you did not use the -servername option to
enable SNI. For example:

openssl s_client -servername curl.haxx.se -connect curl.haxx.se:443

The reason your curl command doesn't doesn't work could be because you
copied and pasted the cacert.pem and removed the carriage returns
manually. I'd guess you accidentally corrupted the certificate bundle.
Try downloading the cacert.pem in curl --insecure mode and then verify
the sha256 hash:

curl --insecure -fOL https://curl.haxx.se/ca/cacert-2016-11-02.pem

sha256 cacert-2016-11-02.pem
Verify: cc7c9e2d259e20b72634371b146faec98df150d18dd9da9ad6ef0b2deac2a9d3

Now try curl.haxx.se:

curl --cacert cacert-2016-11-02.pem https://curl.haxx.se

If it still doesn't work give us the output of curl in verbose mode and
also your version information curl -V

[1]: https://curl.haxx.se/mail/etiquette.html#Do_Not_Top_Post
[2]: https://en.wikipedia.org/wiki/Server_Name_Indication

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-users
FAQ: https://curl.haxx.se/docs/faq.html
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-12-13