On Sat, 20 Oct 2001, john lask wrote:

> I am trying to connect to a https site using curl from behind a firewall
> (the results should be same regardles)

Yes, assuming that your firewall/proxy doesn't tamper with anything.

I assume that you can connect to this site over that same proxy using your
favourite browser, right?

> I believe that this could be a limitation of the openssl library but I am
> not sure.

I agree with you that it looks like that.

> I have checked the packets using a sniffer what appears to be happening
> is that the server responds back with a certificate as part of the
> handshaking protocol but the ssl lib isn't recognising the response. Any
> insights would be appreciated.

For some really to-the-point insights and good analasis on the SSL parts, you
should consider posting a detailed question to an OpenSSL mailing list
instead.

> curl: (35) SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol

AFAIK, this indicates that OpenSSL can't use the "figure out which protocol
to use" method.

[enforced version 3]

> curl: (35) SSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
> number

Seems to indicate that it doesn't speak SSLv3...

[enforced version 2]

> curl: (35) SSL: error:00000000:lib(0):func(0):reason(0)

Uh, this is really not a very friendly error message... :-( Perhaps you
should consider trying a different set of ciphers. I'm guessing wildly
here...

-- 
    Daniel Stenberg -- curl groks URLs -- http://curl.haxx.se/