Thank you, that was one of the problem, it needed the fully qualified dns name. So close..yet seems far. Please help!!!
Command line: => works
curl -X POST -vvv --sslv3 -d <at> input_file https://username:password <at> kmc03bit.xx.xx/invoke/processRequest
--cacert /usr/local/etc/ssl/ca.pem
Through libcurl: => doesn’t work. Program(below) returns errormsg= 7 – Couln’t connect to host.
Wireshark result =
SSLv3 Alert (Level: Fatal, Description: Handshake Failure)
Transmission Control Protocol, Src Port: https (443), Dst Port: 58814 (58814), Seq: 1, Ack: 2, Len: 7
Checksum: 0x8d9f [incorrect, should be 0xb98e (maybe caused by "TCP checksum offload"?)]
if(curl) {
curl_easy_setopt(curl, CURLOPT_USERPWD, pAPI);
/* URL of the CCE XML Input Component */
curl_easy_setopt(curl, CURLOPT_URL, pUrl);
/* Setup Header */
/* Setup SSL specific config options */
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); => added this. Anything I changed doesn’t have any affect
curl_easy_setopt(curl, CURLOPT_SSL_CIPHER_LIST, "AES256-SHA"); => added this. Anything I changed doesn’t have any affect
/* Certificate type */
curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, pKeyType);
/* Certificate filename */
curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);
/* Is a passphrase needed? */
if (pPassphrase)
/* Private key type */
curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, pKeyType);
/* Private key filename */
curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName);
/* CA Certificate file */
if (pCACertFile)
curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1);
/* Setup function to receive the data */
curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, write_cb);
/* Add XML document to the HTTP form */
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist);
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, xmlstring);
/* Send document to engine */
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errormsg);
res = curl_easy_perform(curl);
if (res != 0)
printf ("Error is in %d-%s\n", res,errormsg);
/* always cleanup */
curl_easy_cleanup(curl);
/* cleanup the variables too */
curl_slist_free_all (headerlist);
/* Display response doc */
/* printf ("Result in Memory: %s\n\n", memory->data) */
retquote(memory->data );
From: curl-library-bounces <at> cool.haxx.se [mailto:curl-library-bounces <at> cool.haxx.se] On Behalf Of Peter Sylvester
Sent: Tuesday, July 10, 2012 2:20 AM
To: curl-library <at> cool.haxx.se
Subject: Re: Need install of curl 7.16.2 (ia64-hp-hpux11.23) libcurl/7.16.2
On 07/09/2012 10:58 PM, Anu Shrestha wrote:
Summary: Handshaking between the client and host cipher(TLSV1/SSLV3) is not compatible with current version of curl 7.24. It used to work with 7.21. What changes between the version could have this?
Eg
Also just from command line, default connection from curl to host fails handshake. Specifying tls fails handshake as well. Forcing sslv3 works. Using openssl it works in both scenarios. All samples are below. Any help would be MUCH appreciated.
curl -vvv https://kmc03bit ====> (doesn’t work)
this may be a problem with SNI?
What does the server expects as ServerNameIndication?
try and use a fully qualified dns name or just the ip address to see what happens
* About to connect() to kmc03bit port 443 (#0)
* Trying 10.50.60.102...
* connected
* Connected to kmc03bit (10.50.60.102) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected mese
* Closing connection #0
curl: (35) error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected
curl -vvv --tlsv1 https://kmc03bit ====> (doesn’t work)
* About to connect() to kmc03bit port 443 (#0)
* Trying 10.50.60.102...
* connected
* Connected to kmc03bit (10.50.60.102) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message
* Closing connection #0
curl: (35) error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected me
curl -vvv --sslv3 https://kmc03bit è (works)
* About to connect() to kmc03bit port 443 (#0)
* Trying 10.50.60.102...
* connected
* Connected to kmc03bit (10.50.60.102) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
-------OPENSSL
openssl s_client -connect kmc03bit:443 -tls1 è (works)
CONNECTED(00000003)
SSL handshake has read 2588 bytes and written 285 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
openssl s_client -connect kmc03bit:443 -ssl3 è (works)
CONNECTED(00000003)
SSL handshake has read 2604 bytes and written 299 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : AES256-SHA
From: Anu Shrestha
Sent: Monday, July 09, 2012 3:05 PM
To: libcurl development
Subject: RE: Need install of curl 7.16.2 (ia64-hp-hpux11.23) libcurl/7.16.2
We took your suggestion and start working to make our apps work with cURL 7.24.
We wanted to force down the SSLV2 since host is expecting SSLV2. I used following function in my application but it is still trying to exchange with SSLV3.
/* Setup SSL specific config options */
curl_easy_setopt(curl,CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv2);
I have also attached the code. Help please.
Anu
From: curl-library-bounces <at> cool.haxx.se on behalf of Daniel Stenberg
Sent: Sun 7/8/2012 8:22 AM
To: libcurl development
Cc: Mike Ballon
Subject: RE: Need install of curl 7.16.2 (ia64-hp-hpux11.23) libcurl/7.16.2
On Sun, 8 Jul 2012, Anu Shrestha wrote:
Please note that we don't top-post on this mailing list.
> We have reached out to hpux but they don't have the older install. Can you
> please point us to docs and how to get the source code package to build
> ourselves?
The tar archive is full of them. And if that isn't enough, the web site has
lots of info, and if all that fails we're here on the list to answer the
questions you couldn't find answers to.
But please be aware that 7.16.2 is over five years old (we have done 815
documented bug fixes since!) and we're not very keen on supporting ancient
versions so you need to be aware that you're on your own when going that
route.
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
CONFIDENTIALITY NOTICE: This e-mail and any accompanying documents contain
confidential information intended for a specific individual purpose. This
information is private and protected by law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or distribution,
or the taking of any action based on the contents of this information, is
strictly prohibited. If you have received this transmission in error, please
delete it. Thank you.
-------------------------------------------------------------------
List admin:
http://cool.haxx.se/list/listinfo/curl-libraryEtiquette:
http://curl.haxx.se/mail/etiquette.html
CONFIDENTIALITY NOTICE: This e-mail and any accompanying documents contain
confidential information intended for a specific individual purpose. This
information is private and protected by law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or distribution,
or the taking of any action based on the contents of this information, is
strictly prohibited. If you have received this transmission in error, please
delete it. Thank you.
RSS Feed