https://bugzilla.novell.com/show_bug.cgi?id=334690
User tom.horsley@att.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=334690#c5
Thomas Horsley changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |REOPENED
Info Provider|tom.horsley@att.net |
--- Comment #5 from Thomas Horsley 2008-06-30 10:07:32 MDT ---
Here's the curl -v
osu11d0-i:~ # curl -v https://redhawk.ccur.com > /dev/null
* About to connect() to redhawk.ccur.com port 443 (#0)
* Trying 129.134.60.39... connected
* Connected to redhawk.ccur.com (129.134.60.39) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS alert, Server hello (2):
} [data not shown]
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
faile
d
* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
faile
d
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). The default
bundle is named curl-ca-bundle.crt; you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Here's the strace of the attemp to open a cert dir in zypper:
osu11d0-i:~ # fgrep cert zypp.trace
stat64("/etc/ssl/certs//3c58f906.0", 0xbf8fea8c) = -1 ENOENT (No such file or
directory)
stat64("/etc/ssl/certs//3c58f906.0", 0xbf8fe4ac) = -1 ENOENT (No such file or
directory)
And here's the cert exported when I was looking at the same site in firefox:
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgIRAOis1pjbQ+yAGUvIts2zLeAwDQYJKoZIhvcNAQEFBQAw
gZcxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtl
IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMY
aHR0cDovL3d3dy51c2VydHJ1c3QuY29tMR8wHQYDVQQDExZVVE4tVVNFUkZpcnN0
LUhhcmR3YXJlMB4XDTA4MDIyMDAwMDAwMFoXDTEwMDMwNjIzNTk1OVowge8xCzAJ
BgNVBAYTAlVTMQ4wDAYDVQQREwUzMzA2OTEQMA4GA1UECBMHRmxvcmlkYTEWMBQG
A1UEBxMNUG9tcGFubyBCZWFjaDEaMBgGA1UECRMRUG9tcGFubyBCZWFjaCwgRkwx
GzAZBgNVBAkTEjI4ODEgR2F0ZXdheSBEcml2ZTEoMCYGA1UEChMfQ29uY3VycmVu
dCBDb21wdXRlciBDb3Jwb3JhdGlvbjEMMAoGA1UECxMDTUlTMRowGAYDVQQLExFD
b21vZG8gSW5zdGFudFNTTDEZMBcGA1UEAxMQcmVkaGF3ay5jY3VyLmNvbTCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzoozh+GQ7WkUWw+MWAzfOrD5ZfglM3zp
A/oul8anxFUuntaAEQLtZsvrPAJQW/P1OUwGUG2V6j66UuQLS0lCKdutblVASAmF
qHO71NtLvBgZeQyH9A41/PJL/4z+1sRZr1wJLtRcK6AHzNx83qe+U6XWfAhWxVx/
c7yDgqKjWtUCAwEAAaOCAeIwggHeMB8GA1UdIwQYMBaAFKFyXyYbKJhDlV0HN9WF
lp1L0sNFMB0GA1UdDgQWBBQ36vPr6Y15JS4GoNxvl8jO/LNNHTAOBgNVHQ8BAf8E
BAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwEQYJYIZIAYb4QgEBBAQDAgbAMEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQECAQME
MCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5uZXQvQ1BTMHsG
A1UdHwR0MHIwOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL1VUTi1VU0VS
Rmlyc3QtSGFyZHdhcmUuY3JsMDagNKAyhjBodHRwOi8vY3JsLmNvbW9kby5uZXQv
VVROLVVTRVJGaXJzdC1IYXJkd2FyZS5jcmwwgYYGCCsGAQUFBwEBBHoweDA7Bggr
BgEFBQcwAoYvaHR0cDovL2NydC5jb21vZG9jYS5jb20vVVROQWRkVHJ1c3RTZXJ2
ZXJDQS5jcnQwOQYIKwYBBQUHMAKGLWh0dHA6Ly9jcnQuY29tb2RvLm5ldC9VVE5B
ZGRUcnVzdFNlcnZlckNBLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAEgxVrDfJjTFU
fOB8eh8bmbqTF3ngKxyzQvSrcj7yyIw8GepZnkZRb8LVFvIK6BfMgT095F78v7Xd
dA06mTO8L37FhXjSnxiU340VkHFdytLXALuVl7siznB5sS+ghnDnR3rLI+ZZhTQK
4UaHfiu0iUkdmXSGuoVeXMPYuG+o8g78uefAG3YMAoHU8qUrfwInDh2Xr2WIqnvu
RZbJ00aUaHf4tZE9KNtAD/OMP0EfHkhYSpfEfpqunJp+/v2IS8WP3mUWQ3JBionO
KT8/LJT2TFnI3BnLC8sqt7qYKmwOeSujrjgT7ETI8qWL/hwYQNljpJWPEiQwP6lg
K6mKm9z3bg==
-----END CERTIFICATE-----
That's all I can think of to add :-).
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.