[arin-tech-discuss] SSL error

Aaron Hughes aaronh at bind.com
Tue Sep 13 22:06:01 EDT 2011 

I am geting an odd error when connecting over SSL using curl and cannot figure out why.

Cannot connect... blah blah..

So I test:

@trace.bind.com:/Users/aaronh> curl -I https://www.arin.net
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.


That's odd.... so I -k

@trace.bind.com:/Users/aaronh> curl -k -I https://www.arin.net
HTTP/1.1 200 OK
Date: Wed, 14 Sep 2011 02:02:05 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 12 Sep 2011 15:04:27 GMT
ETag: "28f5c7c-4146-d7da94c0"
Accept-Ranges: bytes
Content-Length: 16710
Connection: close
Content-Type: text/html; charset=UTF-8


So I add...  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);

Now: Failure: Return code is 400

Is there something wrong with ARINs SSL Cert or is there something wrong with this system??

Cheers,
Aaron

[snip]

curl --version
curl 7.22.0 (x86_64-apple-darwin10.8.0) libcurl/7.22.0 OpenSSL/1.0.0e zlib/1.2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp 
Features: IPv6 Largefile NTLM NTLM_WB SSL libz 

/wwwdata/php5/bin/php --version
PHP 5.3.8 (cli) (built: Sep 13 2011 18:35:29) 
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies

/wwwdata/apache2/bin/httpd -v
Server version: Apache/2.2.20 (Unix)
Server built:   Sep 13 2011 18:42:13

All over IPv6.

On another system running PHP 5.3.3 with cURL 7.21.0,
notroot at ubuntu-saj:~/dev/app/IP$ curl -I https://www.arin.net                                       
HTTP/1.1 200 OK                                                                                     
Date: Wed, 14 Sep 2011 01:12:11 GMT                                                                 
Server: Apache/2.2.3 (CentOS)                                                                       
Last-Modified: Mon, 12 Sep 2011 15:04:27 GMT                                                        
ETag: "28f5c7c-4146-d7da94c0"                                                                       
Accept-Ranges: bytes                                                                                
Content-Length: 16710                                                                               
Connection: close                                                                                   
Content-Type: text/html; charset=UTF-8                                                              
                                                                                                    

-- 

Aaron Hughes 
aaronh at bind.com
+1-831-824-4161
Key fingerprint = AD 67 37 60 7D 73 C5 B7 33 18 3F 36 C3 1C C6 B8
http://www.bind.com/

More information about the arin-tech-discuss mailing list