[Bug 1258366] Re: curl -k breaks for some certificates after USN-2048-1
Pierre Carrier
1258366 at bugs.launchpad.net
Fri Dec 6 02:16:21 UTC 2013
Fix was tested and is being deployed to our production infrastructure
(all precise amd64):
$ curl -sSk https://jenkins.musta.ch/>/dev/null && dpkg -i curl_7.22.0-3ubuntu4.4-airbnb1_amd64.deb && curl -sSk https://jenkins.musta.ch/>/dev/null
curl: (51) SSL peer certificate or SSH remote key was not OK
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/1258366
Title:
curl -k breaks for some certificates after USN-2048-1
Status in “curl” package in Ubuntu:
New
Bug description:
The bug:
$ curl -sS -v -k https://jenkins.musta.ch//job/monorail_build_flow/4940/api/json
* About to connect() to jenkins.musta.ch port 443 (#0)
* Trying 10.147.129.217... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA
* Server certificate:
* subject: O=*.airbnb.com; OU=Domain Control Validated; CN=*.airbnb.com
* start date: 2012-10-23 18:01:55 GMT
* expire date: 2013-10-24 18:33:00 GMT
* subjectAltName does not match jenkins.musta.ch
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
* SSL peer certificate or SSH remote key was not OK
curl: (51) SSL peer certificate or SSH remote key was not OK
ubuntu at i-60bcba0e:~$ curl -sS -v -k https://jenkins.musta.ch/
* About to connect() to jenkins.musta.ch port 443 (#0)
* Trying 10.147.129.217... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA
* Server certificate:
* subject: O=*.airbnb.com; OU=Domain Control Validated; CN=*.airbnb.com
* start date: 2012-10-23 18:01:55 GMT
* expire date: 2013-10-24 18:33:00 GMT
* subjectAltName does not match jenkins.musta.ch
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
* SSL peer certificate or SSH remote key was not OK
curl: (51) SSL peer certificate or SSH remote key was not OK
The fix:
--- a/src/main.c
+++ b/src/main.c
@@ -5375,7 +5375,7 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
if(config->insecure_ok) {
/* new stuff needed for libcurl 7.10 */
my_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
- my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1);
+ my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
}
else {
char *home = homedir();
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1258366/+subscriptions
More information about the foundations-bugs
mailing list