OS : 11.10 oneiric Server Side is : Jboss 5
> openssl version
OpenSSL 1.0.0e 6 Sep 2011
> curl --version
curl 7.21.6 (i686-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3 Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp rtsp smtp smtps telnet tftp Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
> curl -v -L --capath ~/temp --cacert ~/temp/ca-bundle.crt https://SERVERIP:8443
* About to connect() to SERVERIP port 8443 (#0) * Trying SERVERIP... connected * Connected to SERVERIP (SERVERIP) port 8443 (#0) * successfully set certificate verify locations: * CAfile: /home/nagi/temp/ca-bundle.crt CApath: /home/nagi/temp/ * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS alert, Server hello (2): * error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error * Closing connection #0 curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
with option -3: > curl -v -3 -L --capath ~/temp --cacert ~/temp/ca-bundle.crt https://SERVERIP:8443
* About to connect() to SERVERIP port 8443 (#0) * Trying SERVERIP... connected * Connected to SERVERIP (SERVERIP) port 8443 (#0) * successfully set certificate verify locations: * CAfile: /home/nagi/temp/ca-bundle.crt CApath: /home/nagi/temp/ * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS alert, Server hello (2): * error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error * Closing connection #0 curl: (35) error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error
The ca-bundle.crt is created with firefox-db2pem.sh script in http://curl.haxx.se/docs/caextract.html
OS : 11.10 oneiric
Server Side is : Jboss 5
> openssl version
OpenSSL 1.0.0e 6 Sep 2011
> curl --version
curl 7.21.6 (i686-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp rtsp smtp smtps telnet tftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
> curl -v -L --capath ~/temp --cacert ~/temp/ ca-bundle. crt https:/ /SERVERIP: 8443
* About to connect() to SERVERIP port 8443 (#0) temp/ca- bundle. crt SSL23_GET_ SERVER_ HELLO:tlsv1 alert internal error SSL23_GET_ SERVER_ HELLO:tlsv1 alert internal error
* Trying SERVERIP... connected
* Connected to SERVERIP (SERVERIP) port 8443 (#0)
* successfully set certificate verify locations:
* CAfile: /home/nagi/
CApath: /home/nagi/temp/
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:14077438:SSL routines:
* Closing connection #0
curl: (35) error:14077438:SSL routines:
with option -3: ca-bundle. crt https:/ /SERVERIP: 8443
> curl -v -3 -L --capath ~/temp --cacert ~/temp/
* About to connect() to SERVERIP port 8443 (#0) temp/ca- bundle. crt SSL3_READ_ BYTES:tlsv1 alert internal error SSL3_READ_ BYTES:tlsv1 alert internal error
* Trying SERVERIP... connected
* Connected to SERVERIP (SERVERIP) port 8443 (#0)
* successfully set certificate verify locations:
* CAfile: /home/nagi/
CApath: /home/nagi/temp/
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:14094438:SSL routines:
* Closing connection #0
curl: (35) error:14094438:SSL routines:
The ca-bundle.crt is created with firefox-db2pem.sh script in http:// curl.haxx. se/docs/ caextract. html