curl 'SSL connect error'

1

basic steps taken:

# echo -n | openssl s_client -showcerts -connect example.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/example.cert
# curl -v --cacert /tmp/example.cert https://example.com/
* About to connect() to example.com port 443 (#0)
*   Trying 123.45.67.89... connected
* Connected to example.com (123.45.67.89) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: example.cert
  CApath: none
* NSS error -12188
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

I tried pem with a certificate chain, and also as just the plain host certificate.

Sometimes I also get the error Problem with the SSL CA cert (path? access rights?).

also tried (as a temporary work around):

curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);

# echo 'insecure' > $CURL_HOME/.curlrc

still I will end up with SSL connect error.

user3338098

Posted 2015-12-18T00:41:32.420

Reputation: 171

1

like this? http://stackoverflow.com/questions/21887315/curl-ssl-connect-error-35-with-nss-error-5961

– schroeder – 2015-12-18T02:39:34.953

@schroeder if you mean --cacert then yes – user3338098 – 2015-12-18T17:40:05.553

Answers

1

don't use curl.

$context = stream_context_create(array(
  'http' => array(
    'method' => 'POST',
    'header' => 'Content-Type: application/x-www-form-urlencoded',
    'content' => http_build_query(array([...])),
    'protocol_version' => 1.1,
    'timeout' => 10,
    'ignore_errors' => true
  )
));
$result = file_get_contents('https://example.com/', false, $context);

stream_context_create works just as well.

user3338098

Posted 2015-12-18T00:41:32.420

Reputation: 171

Asked: 2015-12-18T00:41:32.420

Viewed: 7 215 times

Active: 2015-12-18T21:16:25.187