You are not logged in.
Some https sites can not be reached in my system, and it is going to include more https sites as times goes by. I have noticed that the problem is the SSL certificate. I even check an arch iso and there I have the same problem. I tetsted two thing in case it rings any bell for you
omid@localhost›~⁑ curl -v https://github.com
* Rebuilt URL to: https://github.com/
* Adding handle: conn: 0x1757250
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x1757250) send_pipe: 1, recv_pipe: 0
* About to connect() to github.com port 443 (#0)
* Trying 192.30.252.128...
* Connected to github.com (192.30.252.128) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* Unknown SSL protocol error in connection to github.com:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to github.com:443in which you can see the problem. But
omid@localhost›~35↵⁑ curl -v3 https://github.com
* Rebuilt URL to: https://github.com/
* Adding handle: conn: 0xf31250
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0xf31250) send_pipe: 1, recv_pipe: 0
* About to connect() to github.com port 443 (#0)
* Trying 192.30.252.129...
* Connected to github.com (192.30.252.129) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
* subject: businessCategory=Private Organization; 1.3.6.1.4.1.311.60.2.1.3=US; 1.3.6.1.4.1.311.60.2.1.2=Delaware; serialNumber=5157550; street=548 4th Street; postalCode=94107; C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
* start date: 2013-06-10 00:00:00 GMT
* expire date: 2015-09-02 12:00:00 GMT
* subjectAltName: github.com matched
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert High Assurance EV CA-1
* SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.33.0
> Host: github.com
> Accept: */*
>
< HTTP/1.1 200 OK
* Server GitHub.com is not blacklisted
< Server: GitHub.com
< Date: Fri, 06 Dec 2013 09:55:10 GMT
< Content-Type: text/html; charset=utf-8
< Status: 200 OK
< Cache-Control: private, max-age=0, must-revalidate
< Strict-Transport-Security: max-age=2592000
< X-Frame-Options: deny
< Set-Cookie: logged_in=no; domain=.github.com; path=/; expires=Tue, 06-Dec-2033 09:55:10 GMT; secure; HttpOnly
.....which seems OK. Is there even anyway to add certificate to avoid this strange behavior. I use an updated x86_64 KDE.
Last edited by nikta (2013-12-06 11:37:06)
Offline
What do following commands spit out?
$ ldd `which curl`
$ pacman -Q|egrep '(openssl|curl|ca-cert)'Offline
[omid@localhost ~]$ ldd `which curl`
linux-vdso.so.1 (0x00007fff8bd7c000)
libcurl.so.4 => /usr/lib/libcurl.so.4 (0x00007f9f479c6000)
libz.so.1 => /usr/lib/libz.so.1 (0x00007f9f477b0000)
libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007f9f47592000)
libc.so.6 => /usr/lib/libc.so.6 (0x00007f9f471e7000)
libssh2.so.1 => /usr/lib/libssh2.so.1 (0x00007f9f46fbe000)
libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007f9f46d51000)
libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00007f9f46949000)
/lib64/ld-linux-x86-64.so.2 (0x00007f9f47c2b000)
libdl.so.2 => /usr/lib/libdl.so.2 (0x00007f9f46745000)
[omid@localhost ~]$ pacman -Q|egrep '(openssl|curl|ca-cert)'
ca-certificates 20130906-1
ca-certificates-java 20130815-1
curl 7.33.0-3
lib32-openssl 1.0.1.e-2
mingw-w64-openssl 1.0.1e-4
openssl 1.0.1.e-5Last edited by nikta (2013-12-06 13:15:18)
Offline
Some weird openssl linkage would have been my guess, but it looks sane on your box.
Maybe someone else has more ideas.
Offline
Never used mingw, but maybe it is due to:
mingw-w64-openssl 1.0.1e-4
openssl 1.0.1.e-5being installed in parallel with different patchlevels?
Offline
Never used mingw, but maybe it is due to:
mingw-w64-openssl 1.0.1e-4 openssl 1.0.1.e-5being installed in parallel with different patchlevels?
It has nothing to do with mingw, as I have been using it till now without any problem and suddenly it stoped working. But I realized something: apparently my country government has closed two protocol of three available SSL protocols. Only SSL3 is open now and thats why the -3 switch is working and not the default one. So here is my new question:
Is there any way to force curl and libcurl change their default ssl protocol to ssl3?
Offline