Ok, given that I discovered the same behavior from wget I decided going
directly to openssl.
r...@natty:~# openssl s_client -connect www.etisalat.com.eg:443
CONNECTED(00000003)
1432:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected
message:s23_clnt.c:602:
r...@natty:~#
Looks familiar?
Explicitly asking for ssl3, we get the following response:
r...@natty:~# openssl s_client -ssl3 -connect www.etisalat.com.eg:443
CONNECTED(00000003)
depth=3 /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE
CyberTrust Global Root
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/C=EG/L=Cairo/ST=Cairo/O=etisalat/OU=IT/CN=*.etisalat.com.eg
i:/C=AE/O=Etisalat/OU=Etisalat eBusiness Services/CN=Comtrust Server
Certification Authority
1 s:/C=AE/O=Etisalat/OU=Etisalat eBusiness Services/CN=Comtrust Server
Certification Authority
i:/C=AE/O=Etisalat/OU=Etisalat eBusiness Services/CN=Comtrust Root
Certification Authority
2 s:/C=AE/O=Etisalat/OU=Etisalat eBusiness Services/CN=Comtrust Root
Certification Authority
i:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE
CyberTrust Global Root
3 s:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE
CyberTrust Global Root
i:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE
CyberTrust Global Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID5TCCAs2gAwIBAgICEEswDQYJKoZIhvcNAQEFBQAweDELMAkGA1UEBhMCQUUx
ETAPBgNVBAoTCEV0aXNhbGF0MSQwIgYDVQQLExtFdGlzYWxhdCBlQnVzaW5lc3Mg
U2VydmljZXMxMDAuBgNVBAMTJ0NvbXRydXN0IFNlcnZlciBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eTAeFw0xMDAzMTQxMzM5MThaFw0xMjAzMTQxMzM5MThaMGkxCzAJ
BgNVBAYTAkVHMQ4wDAYDVQQHEwVDYWlybzEOMAwGA1UECBMFQ2Fpcm8xETAPBgNV
BAoTCGV0aXNhbGF0MQswCQYDVQQLEwJJVDEaMBgGA1UEAxQRKi5ldGlzYWxhdC5j
b20uZWcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMtR6BtuLt3MYE91KI0Q
ZgYUK7Qd+xb+8noqbRMnA2fWRML5slebffXjR6/MnTKd3mg4kh8+N1CYdWnnuQXq
AsY/jcgZ7aH3lPga1BeVXCbAARJfVUy4XXIh60kCg1pibz2ZdM6y/qXHccLjDwet
I7IiLUGsqYjBGv/I2DEWt1ZrAgMBAAGjggEKMIIBBjAJBgNVHRMEAjAAMEwGA1Ud
IARFMEMwQQYLKwYBBAGyXQIBAQAwMjAwBggrBgEFBQcCARYkaHR0cDovL2NvbXRy
dXN0LmV0aXNhbGF0LmFlL2Nwcy5odG1sMCYGA1UdEQQfMB2BG1RhbWVyLkVsR29o
YXJ5QGV0aXNhbGF0LmNvbTAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
BQUHAwEwHwYDVR0jBBgwFoAUeIDkXQxvf3/oqMvK+Q5xYj6rQrowPQYDVR0fBDYw
NDAyoDCgLoYsaHR0cDovL2NvbXRydXN0LmV0aXNhbGF0LmFlL2NybC9zZXJ2ZXJj
YS5jcmwwDQYJKoZIhvcNAQEFBQADggEBAI9mNP5zkEKRuG9DO4HDPCVNsTVmrMnt
oTK1vnzFGKAXamb87jy35yADNOYcFOH4VXOaEjtJOy9s3UUtd/A80JYw2zjyEzud
9kTdefiXBOd8pescZa8f7xzy5UPBacWBu1hxAAF0Pj8uL5QYULZmL50G4DINsDUi
DjyGAWJDyotGRqbFKX7XhJb+t793a1hvdvGFfW+QI4ovHTh8D+RK+i+/g/8oE/a4
JE3e2E+Pj7FzqrDTurkq6w0tj/24YLepudo936NpAfC7RtjxPSb647+2Tdjf4Kao
z0hjMrS30cnTjQMNw+QqQmNrNp21rKM7QHCmCnYEAWn0TkGMx5enNEA=
-----END CERTIFICATE-----
subject=/C=EG/L=Cairo/ST=Cairo/O=etisalat/OU=IT/CN=*.etisalat.com.eg
issuer=/C=AE/O=Etisalat/OU=Etisalat eBusiness Services/CN=Comtrust Server
Certification Authority
---
No client certificate CA names sent
---
SSL handshake has read 3996 bytes and written 301 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : DES-CBC3-SHA
Session-ID:
Session-ID-ctx:
Master-Key:
6AC3114D500CAC9F4A5135EDCFA45D905DF09FFECB10F818AF679B17062F0811F685DF6745C5B91A86D7DC3BA5770BC7
Key-Arg : None
Start Time: 1290712758
Timeout : 7200 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
This using openssl 0.9.8o-1ubuntu4.2, which currently is what is in
Natty.
To be honest I don't know enough about how ssl/tls is supposed to work
to say whatever this is a bug in openssl or if it is due to some server
side quirk.
** Also affects: openssl (Ubuntu)
Importance: Undecided
Status: New
** Changed in: openssl (Ubuntu)
Status: New => Incomplete
** Summary changed:
- Curl fails to open some https URLs with "illegal parameter" error
+ Curl (openssl) fails to open some https URLs with "illegal parameter" error
--
Curl (openssl) fails to open some https URLs with "illegal parameter" error
https://bugs.launchpad.net/bugs/595415
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
