kyb

Reputation: 8231

curl fails to verify self-signed certificate after redirection from HTTP to HTTPS

I have a problem with a self-signed SSL certificate and curl.

Server is lighttpd. HTTPS works fine:

$ curl https://192.168.144.1/zxc -k
HELLO

But with redirection from HTTP it fails:

curl http://192.168.144.1:81/zxc -kvL
*   Trying 192.168.144.1...
* TCP_NODELAY set
* Connected to 192.168.144.1 (192.168.144.1) port 81 (#0)
> GET /zxc HTTP/1.1
> Host: 192.168.144.1:81
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: https://192.168.144.1:81/zxc
< Content-Length: 0
< Date: Sat, 30 May 2020 06:59:57 GMT
< Server: lighttpd/1.4.48
<
* Connection #0 to host 192.168.144.1 left intact
* Issue another request to this URL: 'https://192.168.144.1:81/zxc'
* Hostname 192.168.144.1 was found in DNS cache
*   Trying 192.168.144.1...
* TCP_NODELAY set
* Connected to 192.168.144.1 (192.168.144.1) port 81 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):

........... HERE IT GETS STUCK FOR A MINUTE ....................

* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.144.1:81
* stopped the pause stream!
* Closing connection 1
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.144.1:81

One possible solution I found here: https://stackoverflow.com/a/44494250/3743145: CURLOPT_SSL_VERIFYPEER=false. How do I pass it to the curl CLI?

Upvotes: 2

Views: 12215

Answers (2)

jayeshmahajan

Reputation: 104

I had a similar problem and fixed it by making sure the private key in my cert is in the correct format. https://sysadminupdates.com/blog/2021/06/22/ssl-error-libressl-ssl_connect-ssl_error_syscall/

Upvotes: 0

Steffen Ullrich

Reputation: 123601

> * LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.144.1:81

The error is SSL_ERROR_SYSCALL and this has nothing to do with certificate validation. In fact, a closer look at what you are doing shows that you are redirecting from plain HTTP on port 81 to HTTPS on the same port.

curl http://192.168.144.1:81/zxc -kvL
...
< HTTP/1.1 301 Moved Permanently
< Location: https://192.168.144.1:81/zxc

This is very different from what you've tested before, where you used HTTPS on the standard port (443). And it is very likely that your HTTP server does not speak HTTP and HTTPS on the same port 81 - most servers don't even support this kind of configuration.

Upvotes: 2
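
An added example, not part of the question or either answer: a small Python check that reads a `curl -v` trace and reports redirect hops that switch scheme while staying on the same host and port, which is the condition the answer above identifies. The function names are hypothetical, and the sample trace is excerpted from the output quoted in the question.

```python
import re
from urllib.parse import urljoin, urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}

# Sample input: excerpt of the verbose trace quoted in the question.
SAMPLE_TRACE = """\
> GET /zxc HTTP/1.1
> Host: 192.168.144.1:81
< HTTP/1.1 301 Moved Permanently
< Location: https://192.168.144.1:81/zxc
"""

def endpoint(url):
    """Return (scheme, host, effective port) for an absolute URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, parts.hostname, parts.port or DEFAULT_PORT.get(scheme)

def redirect_targets(start_url, trace):
    """Yield (from_url, to_url) for each Location header in a `curl -v` trace."""
    current = start_url
    for line in trace.splitlines():
        m = re.match(r"<\s*location:\s*(\S+)", line, re.IGNORECASE)
        if m:
            target = urljoin(current, m.group(1))  # Location may be relative
            yield current, target
            current = target

def same_port_scheme_switch(start_url, trace):
    """Return redirect hops that change scheme but keep the same host and port."""
    findings = []
    for src, dst in redirect_targets(start_url, trace):
        s_scheme, s_host, s_port = endpoint(src)
        d_scheme, d_host, d_port = endpoint(dst)
        if s_scheme != d_scheme and (s_host, s_port) == (d_host, d_port):
            findings.append((src, dst, d_port))
    return findings

if __name__ == "__main__":
    start = "http://192.168.144.1:81/zxc"
    for src, dst, port in same_port_scheme_switch(start, SAMPLE_TRACE):
        print(f"{src} -> {dst}: scheme changes but port {port} stays the same; "
              "check that the listener on that port actually speaks TLS")
```

A hit means the redirect target should be checked on the server side (the `Location` value and which listener handles TLS) rather than through certificate-verification options on the client.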
