The server is using a signed certificate from a CA listed in the local CentOS server. I am able to download the cert by forcing SSLv3: $ curl --sslv3 --verbose -o/dev/null \ https://tcs.mysap.com/invoke/tc/getCert?SAPServerCA.der > ... The receipt of this alert is an error only if it occurs while a handshake is in progress. SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED -12210 "SSL Server attempted to use domestic-grade public key with export cipher Possible causes include: (a) both SSL2 and SSL3 are disabled, (b) All the individual SSL cipher suites are disabled, or (c) the socket is configured to handshake as a server, but
Upgraded documentation may be found in the Current NSS Reference NSS and SSL Error Codes Chapter 8 NSS and SSL Error Codes NSS error codes are retrieved using the NSPR SSL_ERROR_NO_CYPHER_OVERLAP -12286 "Cannot communicate securely with peer: no common encryption algorithm(s)." The local and remote systems share no cipher suites in common. SEC_ERROR_BAGGAGE_NOT_CREATED -8121 Error while creating baggage object. SEC_ERROR_EXPORTING_CERTIFICATES -8116 Error attempting to export certificates.
SEC_ERROR_KEYGEN_FAIL -8092 Unable to generate public-private key pair. I've tried to summarize some details here: http://permalink.gmane.org/gmane.comp.web.curl.library/25367 http://permalink.gmane.org/gmane.comp.web.curl.library/25371 We'll consider implementing such workaround in libcurl, but it's not so easy and definitely won't get into curl-7.19.7. By default it doesn't offer any ECC suites, and since your server (Cloudfare) accepts only certain ECC (specifically ECDHE) suites negotation fails.
If this occurs frequently on a server, an active attack (such as the "million question" attack) may be underway against the server. A paper I received to review has (independently) duplicated work that we are writing up. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the Nss Error 8018 SSL_ERROR_BAD_SERVER -12281 "The client has encountered bad data from the server." This error code should occur only on sockets that are acting as clients.
Check which variants your server supports, then use a specific option such as CURL_SSLVERSION_TLSv1_2 if your build supports it. –mario Jun 6 '15 at 3:27 how do i check Nss Error -5938 Curl Who is the tallest? If problems still persist, please make note of it in this bug report. http://unix.stackexchange.com/questions/280548/curl-doesnt-connect-to-https-while-wget-does-nss-error-12286 SEC_ERROR_NO_TOKEN -8127 The security card or token does not exist, needs to be initialized, or has been removed.
What "actually" happens at T-minus-0 Should I defragment my SSD? Nss Error 12263 Objects are still in use." SEC_ERROR_EXTRA_INPUT -8052 "DER-encoded message contained extra unused data." SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE -8051 "Unsupported elliptic curve." SEC_ERROR_UNSUPPORTED_EC_POINT_FORM -8050 "Unsupported elliptic curve point form." SEC_ERROR_UNRECOGNIZED_OID -8049 "Unrecognized Object IDentifier." SEC_ERROR_OCSP_INVALID_SIGNING_CERT Thanks for your quick and excellent support! Comment 12 Kamil Dudka 2009-10-07 18:41:34 EDT Elio, thanks for clarifying it!
Why does shared_ptr have a move constructor Please do my Martian homework How to tell if your flight has an air-bridge or stairs? If this occurs frequently on a server, an active attack (such as the "million question" attack) may be underway against the server. Nss Error Codes SEC_ERROR_UNTRUSTED_CERT -8171 Peer's certificate has been marked as not trusted by the user. Curl Nss Error 5938 If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update curl'.
more stack exchange communities company blog Stack Exchange Inbox Reputation and Badges sign up log in tour help Tour Start here for a quick overview of the site Help Center Detailed How to name an algorithm in a paper deleting billions of files from directory while seeing the progress as well Replace all values in one column to 1 Is a Turing My trust in the whole thing is coming back and all other minor problems would have been avoidable, if I would have read the 300 page manual before... This usually indicates that the client and server have failed to come to agreement on the set of keys used to encrypt the application data and to check message integrity. Curl Nss Error 5961
You should check the server side logs of curl's target to see why your connection was killed. Why would you not accept a free great person? SSL_ERROR_TX_RECORD_TOO_LONG -12262 "SSL attempted to send a record that exceeded the maximum permissible length." This error should never occur. Thanks a lot for your idea and support. –microstrip May 19 '15 at 6:15 add a comment| Your Answer draft saved draft discarded Sign up or log in Sign up
Please catch the standard error output to file and attach. "nss Error -8172" share|improve this answer answered Sep 11 '13 at 17:16 Andrew Domaszek 3,787821 Yeah, there isn't anything in the server httpd logs. If you haven’t previously confirmed a subscription to a Mozilla-related newsletter you may have to do so.
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-12245 Comment 32 Fedora Update System 2009-11-30 23:36:31 EST curl-7.19.7-2.fc12 has been pushed to the Fedora 12 testing repository. Locally, I'm running CentOS 6.3. SEC_ERROR_PKCS12_INVALID_MAC -8113 Unable to import. Curl Nss Error 12286 Exception vs empty result set when the inputs are technically valid, but unsatisfiable Is it ethical to use proprietary (closed-source) software for scientific computation?
share|improve this answer answered Mar 3 '14 at 11:10 vzamanillo 6,15811142 add a comment| up vote 1 down vote What's Happening It sounds as though you are experiencing a timeout issue SEC_ERROR_NEED_RANDOM -8129 Security library: need random data. This can be due to a misconfiguration at either end. The Middle Way in practical life Why are some people so paranoid about music theory?
I see the POST to it, but that's it. SEC_ERROR_CERT_USAGES_INVALID -8154 Certificate usages field is invalid. Looks like twitter was having a similar problem (https://dev.twitter.com/discussions/1549) which they apparently fixed, but didn't elaborate on how it got fixed. Thank you again and tell everybody how good you have been!
XP_SEC_FORTEZZA_BAD_PIN -8136 Invalid PIN. This appears to be something out of sync internally, perhaps after RedHat's long denial of ECC. I am running the following version of cURL: curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/188.8.131.52 zlib/1.2.3 libidn/1.18 libssh2/1.4.2 It's worth noting that this is working on two other remote servers which are both If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update curl'.
We have no public reachable server with that certificate, because nobody has installed SAP's CA Root certificate in their browsers... Zabbix is using curl to make https connections. What is this aircraft with elaborate folding wings? Does this use of std::make_unique lead to non-unique pointers?
Are pixels in Photoshop logical or physical? Let me explain: I am monitoring a complex application running on some servers. Naming the forces of the Purgatory? The other server (also a SAP JEE server of same version, but with a different, official Thawte certificate) does not show this behavior.
You can pick one of the SSL examples here: http://curl.haxx.se/libcurl/c/example.html Comment 17 Wolfram Wagner 2009-10-08 07:37:17 EDT Thanks... XP_SEC_FORTEZZA_BAD_CARD -8142 FORTEZZA card has not been properly initialized. Whatever ssl URL I try with curl, wget, openSSL I get results as expected. Maybe is there a problem with closing the SSL connections?
Any solution to get this forced to use TLS or maybe i'm totally wrong and it's completely related to some other setting? SEC_ERROR_REVOKED_KEY -8131 The key for this site's certificate has been revoked.