[99s-extend] ssl_hello_world

Loïc Hoguin essen at ninenines.eu
Fri Apr 11 13:41:29 CEST 2014

Previous message: [99s-extend] ssl_hello_world
Next message: [99s-extend] ssl_hello_world
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is the successful output I get. You should try to see why yours is 
different, perhaps someone somewhere ran into the same issue at some 
point. Note that the --cacert option isn't needed and basically makes no 
difference.


% curl -ikvv https://localhost:8443
* Rebuilt URL to: https://localhost:8443/
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
   CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA384
* Server certificate:
* 	 subject: C=US; ST=Texas; O=Nine Nines; OU=Cowboy; CN=localhost
* 	 start date: 2013-02-28 05:23:34 GMT
* 	 expire date: 2033-02-23 05:23:34 GMT
* 	 issuer: C=US; ST=Texas; O=Nine Nines; OU=Cowboy; CN=ROOT CA
* 	 SSL certificate verify result: self signed certificate in 
certificate chain (19), continuing anyway.
 > GET / HTTP/1.1
 > User-Agent: curl/7.35.0
 > Host: localhost:8443
 > Accept: */*
 >
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< connection: keep-alive
connection: keep-alive
* Server Cowboy is not blacklisted
< server: Cowboy
server: Cowboy
< date: Fri, 11 Apr 2014 11:30:03 GMT
date: Fri, 11 Apr 2014 11:30:03 GMT
< content-length: 12
content-length: 12
< content-type: text/plain
content-type: text/plain

<


On 04/11/2014 01:25 PM, Samir Sow wrote:
> Thx.
>
> Same error …
> Openssl s_client does not work either.
> the server does not answer to ClientHello …
>
> Samir
>
> On 11 avr. 2014, at 13:18, Loïc Hoguin <essen at ninenines.eu> wrote:
>
>> The certificate in the SSL example is self-generated, try curl with the --insecure option.
>>
>> On 04/11/2014 12:39 PM, Samir Sow wrote:
>>> Hi,
>>>
>>> Still struggling to make ssl work.
>>>
>>> I downloaded the example ssl_hello_world.
>>> Upon execution : i get the following error with curl
>>>
>>>   About to connect() to localhost port 8443 (#0)
>>> *   Trying ::1... Connexion refusée
>>> *   Trying 127.0.0.1... connected
>>> * Connected to localhost (127.0.0.1) port 8443 (#0)
>>> * Initializing NSS with certpath: sql:/etc/pki/nssdb
>>> * NSS error -8018
>>> * Closing connection #0
>>> * Problem with the SSL CA cert (path? access rights?)
>>> curl: (77) Problem with the SSL CA cert (path? access rights?)
>>>
>>>
>>> cmd = curl -vv --cacert priv/cert/cowboy-ca.crt -i https://localhost:8443/
>>>
>>> cacert path checked.
>>> read permission checked
>>>
>>> I’ve tested with a browser and get a connection error.
>>>
>>> Any clue ?
>>>
>>> Samir
>>>
>>>
>>> _______________________________________________
>>> Extend mailing list
>>> Extend at lists.ninenines.eu
>>> https://lists.ninenines.eu/listinfo/extend
>>>
>>
>> --
>> Loïc Hoguin
>> http://ninenines.eu
>

-- 
Loïc Hoguin
http://ninenines.eu

Previous message: [99s-extend] ssl_hello_world
Next message: [99s-extend] ssl_hello_world
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Extend mailing list