curl-library

cert verification problem on curl handle re-use

From: Michael Barton <mike_at_weirdlooking.com>
Date: Sun, 20 Jan 2013 06:17:19 -0600

Hi!

I'm having a problem with libcurl that so far seems to only happen on
CentOS/RHEL 5.8 (libcurl 7.15.5 and openssl 0.9.8e). The first https
request I make on a curl handle succeeds, but all subsequent requests give
me a cert verification failure. If I disable CURLOPT_SSL_VERIFYHOST or
make a new curl handle for each request, everything works fine. But
obviously I'd prefer to avoid those. If anyone has ideas on fixing this,
I'd love to hear them.

This is enough to reproduce the problem:
http://pastebin.com/D7PpUdnP

Output:

* About to connect() to storage101.dfw1.clouddrive.com port 443
* Trying 2001:4800:7900::a100... * connected
* Connected to storage101.dfw1.clouddrive.com (2001:4800:7900::a100) port 443
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using RC4-SHA
* Server certificate:
* subject: /O=storage101.dfw1.clouddrive.com/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/OU=Domain Validated/CN=storage101.dfw1.clouddrive.com
* start date: 2012-01-23 00:00:00 GMT
* expire date: 2014-03-23 23:59:59 GMT
* common name: storage101.dfw1.clouddrive.com (matched)
* issuer: /C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA
* SSL certificate verify ok.
> GET / HTTP/1.1
Host: storage101.dfw1.clouddrive.com
Accept: */*

< HTTP/1.1 404 Not Found
< Content-Length: 70
< Content-Type: text/html; charset=UTF-8
< X-Trans-Id: tx466621b8f79349eeaa734fcf7fce0c5f
< Date: Sun, 20 Jan 2013 12:13:19 GMT
* Connection #0 to host storage101.dfw1.clouddrive.com left intact
<html><h1>Not Found</h1><p>The resource could not be found.</p></html>
Initial request: 404
* About to connect() to storage101.dfw1.clouddrive.com port 443
* Trying 2001:4800:7900::a100... * connected
* Connected to storage101.dfw1.clouddrive.com (2001:4800:7900::a100) port 443
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #1
* problem with the SSL CA cert (path? access rights?)
Second request: 0

- Mike

Received on 2013-01-20