- **status**: open --> pending
- **assigned_to**: Daniel Stenberg
- **Comment**:

Thanks NaHi for confirming this. We thus believe this is fixed with such a move. Dan Rogers, can you confirm this?

---
** [bugs:#1360] SSL regression in 7.36.0 on Amazon Linux**
**Status:** pending
**Created:** Wed Apr 16, 2014 01:50 AM UTC by Dan Rogers
**Last Updated:** Tue Apr 22, 2014 08:25 AM UTC
**Owner:** Daniel Stenberg
Upgrading CURL/libCURL from:
~~~~~~
# rpm -qi curl
Name        : curl
Version     : 7.35.0
Release     : 2.42.amzn1
Architecture: x86_64
Install Date: Thu 10 Apr 2014 08:20:19 PM PDT
Group       : Applications/Internet
Size        : 534216
License     : MIT
Signature   : RSA/SHA256, Wed 26 Feb 2014 04:51:24 PM PST, Key ID bcb4a85b21c0f39f
Source RPM  : curl-7.35.0-2.42.amzn1.src.rpm
Build Date  : Wed 26 Feb 2014 04:48:55 PM PST
Build Host  : build-31004.build
Relocations : (not relocatable)
Packager    : Amazon.com, Inc. <http://aws.amazon.com>
Vendor      : Amazon.com
URL         : http://curl.haxx.se/
Summary     : A utility for getting files from remote servers (FTP, HTTP, and others)
~~~~~~
To:
~~~~~~
# rpm -qi libcurl
Name        : libcurl
Version     : 7.36.0
Release     : 2.44.amzn1
Architecture: x86_64
Install Date: Tue 15 Apr 2014 11:40:58 AM PDT
Group       : Development/Libraries
Size        : 455304
License     : MIT
Signature   : RSA/SHA256, Tue 08 Apr 2014 07:21:43 PM PDT, Key ID bcb4a85b21c0f39f
Source RPM  : curl-7.36.0-2.44.amzn1.src.rpm
Build Date  : Tue 08 Apr 2014 03:25:45 PM PDT
Build Host  : build-31003.build
Relocations : (not relocatable)
Packager    : Amazon.com, Inc. <http://aws.amazon.com>
Vendor      : Amazon.com
URL         : http://curl.haxx.se/
Summary     : A library for getting files from web servers
~~~~~~
Results in the following error:
~~~~~~
# curl -v https://s3.amazonaws.com/extimg.popsugar.com/mnt/ephemeral/var/www/files/tmp/2014/04/15/899/netimgEHu6tgWYXxQ0
* Hostname was NOT found in DNS cache
*   Trying 205.251.242.187...
* Connected to s3.amazonaws.com (205.251.242.187) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -8127 (SEC_ERROR_NO_TOKEN)
* The security card or token does not exist, needs to be initialized, or has been removed.
* Closing connection 0
curl: (35) The security card or token does not exist, needs to be initialized, or has been removed.
~~~~~~
However, using SSLv3 works:
~~~~~~
# curl -3 -v https://s3.amazonaws.com/extimg.popsugar.com/mnt/ephemeral/var/www/files/tmp/2014/04/15/899/netimgEHu6tgWYXxQ0
* Hostname was NOT found in DNS cache
*   Trying 54.231.1.40...
* Connected to s3.amazonaws.com (54.231.1.40) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* 	subject: CN=s3.amazonaws.com,O=Amazon.com Inc.,L=Seattle,ST=Washington,C=US
* 	start date: Apr 12 00:00:00 2014 GMT
* 	expire date: Apr 13 23:59:59 2015 GMT
* 	common name: s3.amazonaws.com
* 	issuer: CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
~~~~~~
Downgrading to curl 7.35.0 allows this to function again.
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.