Maybe is there a problem with closing the SSL connections? It is also worth reading the GSI section in the Condor documentation. I haven't found it yet... Kamil --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html Re: cURL error 56 with SSL error -12195 2015-04-14 Thread Alexandre Arantes Sorry, It might have been my mistake when posting it.
see Globus docs): $ sudo rpm -hUv http://www.globus.org/ftppub/gt5/5.2/5.2.5/installers/repo/Globus-5.2.stable-config.sl-5.5-1.noarch.rpm Install Globus components required to set up the CA $ sudo yum install globus-simple-ca globus-gsi-cert-utils-progs Executables will be in /usr/bin, and other stuff Dan --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html Re: cURL error 56 with SSL error -12195 2015-04-14 Thread mm.w there Some possible solutions include: Describing to the users how to create a CA bundle and execute successful curl commands as above. Decoding error.
Shortest code to produce non-deterministic output Loading trait on weapons without ammunition Are endothermic bombs possible? An example is the following: GSI "O=Grid/OU=GlobusTest/OU=simpleCA-bifrostdev.cadc.dao.nrc.ca/OU=local/CN=Ed Chapin" echapin GSI CN=echapin_716 echapin GSI CN=canfradm canfradm Here the first line has the full subject for a user cert that was generated using I am appending Elio to CC as the NSS guru. These failures may be caused by the system running out of memory, or errors returned by PKCS#11 routines that did not provide meaningful error codes of their own.
Then copy the output hostsigned.pem to /etc/grid-security/hostcert.pem on bifrostdev. For example, $ curl -v -E ~/.ssl/cadcproxy.pem --location-trusted https://www.cadc-ccda.hia-iha.nrc-cnrc.gc.ca/data/pub/JCMT/s8a20140517_00041_0008?runid=dtwbme1p06kygpf0 -o s8a20140517_00041_0008.sdf will obtain these proprietary data (if the user has the correct access privileges). This trick will probably also work with CADC issued proxy certificates. Error Code Ssl_error_rx_malformed_alert The page that makes the calls looks like this (this page was created as a "proof of concept", to see that the call can actually be made):
Such a connection cannot be permitted without violating U.S. Curl Nss Error -5961 SSL_ERROR_US_ONLY_SERVER -12287 "Unable to communicate securely. Error attempting to import certificate chain. On Tue, Apr 14, 2015 at 1:36 PM, Alexandre Arantes [email protected] wrote: I have an *internal* server (internal to my network) to which I make a *REST API* call from an
Something similar to installing debuginfo or whatever? Curl Nss Error 12263 SEC_ERROR_DUPLICATE_CERT -8170 Certificate already exists in your database. Dan --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html --- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html Re: cURL error 56 with SSL error -12195 2015-04-14 Thread Dan Fandrich On Tue, Apr 14, 2015 at Bug527771 - curl is unable to connect via SSL, NSS error -12229 Summary: curl is unable to connect via SSL, NSS error -12229 Status: CLOSED ERRATA Aliases: None Product: Fedora Classification:
Top Log in or register to post comments May 8, 2008 - 11:02am #2 Lithyum Offline Last seen: 8 years 6 months ago Joined: 2008-05-08 10:53 error code: -12195 I've been http://www.it1me.com/it-answers?id=29632205&s=NSS%206&ttl=PHP+cURL+call+returning+error+56+with+NSS+error+-12195 Sure. Nss Error 5961 SEC_ERROR_BAD_DATA -8190 Security library: received bad data. Nss Error Code 5961 Why am I getting this error?NOTE: I tried playing with CURLOPT_SSLVERSION.
To use its Globus installation you can $ cd /opt/nimbus/lib/ $ source this-globus-environment.sh Relative merits of both methods The first method is extremely simple: no modifications to Condor or Cloud Scheduler SEC_ERROR_CERT_VALID -8165 This certificate is valid. not a lib curl issue sorry. SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE -8162 The certificate issuer's certificate has expired. Nss Error Codes
Possible causes include: (a) both SSL2 and SSL3 are disabled, (b) All the individual SSL cipher suites are disabled, or (c) the socket is configured to handshake as a server, but Terms Privacy Security Status Help You can't perform that action at this time. connected * Connected to x.x.x.com (x.x.x.x) port 443 (#0) * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -12229 * Closing connection #0 * SSL connect error curl: (35) SSL connect error The page that makes the calls looks like this: [snip] = = = = = = = = = = = = = = = = = = = = =
SEC_ERROR_PKCS7_KEYALG_MISMATCH -8146 Cannot decrypt: key encryption algorithm does not match your certificate. Ssl Error Rx Malformed Alert Add a translation Edit Advanced Advanced History Print this article MDN Mozilla Projects Network Security Services SSL functions sslerr.html Your Search Results scastelli Sheppy kwilson sslerr.html In This Article Chapter 8 Peer requires high-grade encryption which is not supported." The remote system was configured to support the cipher suites permitted for domestic use.
Trying the same operation again might succeed." SEC_ERROR_PKCS11_DEVICE_ERROR -8023 "A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot." SEC_ERROR_BAD_INFO_ACCESS_METHOD -8022 "Unknown information access To make it safer (other than a Firewall box that limits the external IP addresses that can call my internal server to only the static IP address of my external server), Note that there is already an adPut script in wservice/data_ws/scripts and wservice/transfer_ws/script that currently depends on this broken curl functionality. Ssl Received A Malformed Alert Record Note You need to log in before you can comment on or make changes to this bug.
Is there a way to make curl more verbose (beside -v or -trace)? SEC_INTERNAL_ONLY -8153 Internal-only module. Personal Open source Business Explore Sign up Sign in Pricing Blog Support Search GitHub This repository Watch 4 Star 1 Fork 1 canfar/openstack-sandbox Code Issues 0 Pull requests 0 Projects Comment 18 Wolfram Wagner 2009-10-08 08:54:50 EDT Created attachment 364110 [details] Zabbix utilization of curllib...
asked 1 year ago viewed 1164 times active 26 days ago Blog How Do Software Developers in New York, San Francisco, London and Bangalore… Related 0How to install cURL with openssl This usually indicates that the client and server have failed to come to agreement on the set of keys used to encrypt the application data and to check message integrity. I have made that check and removed the new ca certificate => wget failed to connect... Comment 15 Wolfram Wagner 2009-10-08 06:58:22 EDT I understand the problem, but my C/C++ times are 10 years behind me.
Note the following lines in /var/log/condor/SchedLog: 07/22/14 11:36:02 (pid:18922) Received TCP command 1112 (QMGMT_WRITE_CMD) from [email protected] <188.8.131.52:47949>, access level WRITE 07/22/14 11:36:02 (pid:18922) OwnerCheck retval 1 (success), super_user 07/22/14 11:36:02 (pid:18922) SEC_ERROR_ADDING_CERT -8168 Error adding certificate to database. You can find meaning of the error codes at this page: http://www-archive.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html -12195 is SSL_ERROR_UNKNOWN_CA_ALERT: "Peer does not recognize and trust the CA that issued your certificate." -12268 is SSL_ERROR_SSL_DISABLED: "The We have no public reachable server with that certificate, because nobody has installed SAP's CA Root certificate in their browsers...
That callback function returned SECFailure, and the bad certificate callback function either was not configured or did not choose to override the error code returned by the certificate authentication callback function. Then I change the version to 2, and it crashed earlier giving me "NSS error -12268" around line 6 of the verbose output. When sharing a VM with an arbitrary set of people, it is not desirable for the VM maintainer to create individual user accounts for each of them. Finally, this presentation has a lot of information.
I still got exactly the same verbose output, but towards the bottom, Where it reads *SSL read: errno -12195*, it became *SSL read: errno -12271*. This can be done by re-running this setup script. The local system was configured to support only the cipher suites permitted for export use. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update curl'.