Ubuntu
curl package

Bug #2028170
Comment #17

Comment 17 for bug 2028170

Revision history for this message

Loren Underwood (lunderwood) wrote on 2023-07-21:

#17

I'm also experiencing this issue now. did update, upgrade, even reboot (this is a dev/staging web server).
Example:

ubuntu@t1:~$ curl -v https://skywaytheatre.com/wp-content/uploads/2023/01/Avatar-flyer-LOCAL-1.png
* Trying 52.37.32.232:443...
* Connected to skywaytheatre.com (52.37.32.232) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=*.skywaytheatre.com
* start date: Jul 14 10:02:27 2023 GMT
* expire date: Oct 12 10:02:26 2023 GMT
* subjectAltName does not match skywaytheatre.com
* SSL: no alternative certificate subject name matches target host name 'skywaytheatre.com'
* Closing connection 0
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name 'skywaytheatre.com'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

ubuntu@t1:~$ apt list curl -a
Listing... Done
curl/jammy-updates,jammy-security,now 7.81.0-1ubuntu1.13 amd64 [installed,automatic]
curl/jammy 7.81.0-1 amd64

I'm also experiencing this issue now. did update, upgrade, even reboot (this is a dev/staging web server).
Example:

ubuntu@t1:~$ curl -v https://skywaytheatre.com/wp-content/uploads/2023/01/Avatar-flyer-LOCAL-1.png
*   Trying 52.37.32.232:443...
* Connected to skywaytheatre.com (52.37.32.232) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=*.skywaytheatre.com
*  start date: Jul 14 10:02:27 2023 GMT
*  expire date: Oct 12 10:02:26 2023 GMT
*  subjectAltName does not match skywaytheatre.com
* SSL: no alternative certificate subject name matches target host name 'skywaytheatre.com'
* Closing connection 0
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name 'skywaytheatre.com'
More details here: https://curl.se/docs/sslcerts.html

ubuntu@t1:~$ apt list curl -a
Listing... Done
curl/jammy-updates,jammy-security,now 7.81.0-1ubuntu1.13 amd64 [installed,automatic]
curl/jammy 7.81.0-1 amd64

Ubuntucurl package

Comment 17 for bug 2028170

Ubuntu
curl package