Ubuntu
curl package

Bug #1258366
Comment #0

Comment 0 for bug 1258366

Revision history for this message

Pierre Carrier (pcarrier) wrote on 2013-12-06:

The bug:

$ curl -sS -v -k https://jenkins.musta.ch//job/monorail_build_flow/4940/api/json
* About to connect() to jenkins.musta.ch port 443 (#0)
* Trying 10.147.129.217... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA
* Server certificate:
* subject: O=*.airbnb.com; OU=Domain Control Validated; CN=*.airbnb.com
* start date: 2012-10-23 18:01:55 GMT
* expire date: 2013-10-24 18:33:00 GMT
* subjectAltName does not match jenkins.musta.ch
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
* SSL peer certificate or SSH remote key was not OK
curl: (51) SSL peer certificate or SSH remote key was not OK
ubuntu@i-60bcba0e:~$ curl -sS -v -k https://jenkins.musta.ch/
* About to connect() to jenkins.musta.ch port 443 (#0)
* Trying 10.147.129.217... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA
* Server certificate:
* subject: O=*.airbnb.com; OU=Domain Control Validated; CN=*.airbnb.com
* start date: 2012-10-23 18:01:55 GMT
* expire date: 2013-10-24 18:33:00 GMT
* subjectAltName does not match jenkins.musta.ch
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
* SSL peer certificate or SSH remote key was not OK
curl: (51) SSL peer certificate or SSH remote key was not OK

The fix:

--- a/src/main.c
+++ b/src/main.c
@@ -5375,7 +5375,7 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
         if(config->insecure_ok) {
           /* new stuff needed for libcurl 7.10 */
           my_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
- my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1);
+ my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
         }
         else {
           char *home = homedir();

The bug:

$ curl -sS -v -k https://jenkins.musta.ch//job/monorail_build_flow/4940/api/json
* About to connect() to jenkins.musta.ch port 443 (#0)
*   Trying 10.147.129.217... connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA
* Server certificate:
* 	 subject: O=*.airbnb.com; OU=Domain Control Validated; CN=*.airbnb.com
* 	 start date: 2012-10-23 18:01:55 GMT
* 	 expire date: 2013-10-24 18:33:00 GMT
* 	 subjectAltName does not match jenkins.musta.ch
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
* SSL peer certificate or SSH remote key was not OK
curl: (51) SSL peer certificate or SSH remote key was not OK
ubuntu@i-60bcba0e:~$ curl -sS -v -k https://jenkins.musta.ch/
* About to connect() to jenkins.musta.ch port 443 (#0)
*   Trying 10.147.129.217... connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA
* Server certificate:
* 	 subject: O=*.airbnb.com; OU=Domain Control Validated; CN=*.airbnb.com
* 	 start date: 2012-10-23 18:01:55 GMT
* 	 expire date: 2013-10-24 18:33:00 GMT
* 	 subjectAltName does not match jenkins.musta.ch
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
* SSL peer certificate or SSH remote key was not OK
curl: (51) SSL peer certificate or SSH remote key was not OK

The fix:

--- a/src/main.c
+++ b/src/main.c
@@ -5375,7 +5375,7 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
         if(config->insecure_ok) {
           /* new stuff needed for libcurl 7.10 */
           my_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
-          my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1);
+          my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
         }
         else {
           char *home = homedir();

Ubuntucurl package

Comment 0 for bug 1258366

Ubuntu
curl package