** Description changed: The bug: - $ curl -sS -v -k https://jenkins.musta.ch//job/monorail_build_flow/4940/api/json - * About to connect() to jenkins.musta.ch port 443 (#0) - * Trying 10.147.129.217... connected - * successfully set certificate verify locations: - * CAfile: none - CApath: /etc/ssl/certs - * SSLv3, TLS handshake, Client hello (1): - * SSLv3, TLS handshake, Server hello (2): - * SSLv3, TLS handshake, CERT (11): - * SSLv3, TLS handshake, Server key exchange (12): - * SSLv3, TLS handshake, Server finished (14): - * SSLv3, TLS handshake, Client key exchange (16): - * SSLv3, TLS change cipher, Client hello (1): - * SSLv3, TLS handshake, Finished (20): - * SSLv3, TLS change cipher, Client hello (1): - * SSLv3, TLS handshake, Finished (20): - * SSL connection using ECDHE-RSA-AES256-SHA - * Server certificate: - * subject: O=*.airbnb.com; OU=Domain Control Validated; CN=*.airbnb.com - * start date: 2012-10-23 18:01:55 GMT - * expire date: 2013-10-24 18:33:00 GMT - * subjectAltName does not match jenkins.musta.ch - * Closing connection #0 - * SSLv3, TLS alert, Client hello (1): - * SSL peer certificate or SSH remote key was not OK - curl: (51) SSL peer certificate or SSH remote key was not OK ubuntu@i-60bcba0e:~$ curl -sS -v -k https://jenkins.musta.ch/ * About to connect() to jenkins.musta.ch port 443 (#0) * Trying 10.147.129.217... connected * successfully set certificate verify locations: * CAfile: none - CApath: /etc/ssl/certs + CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using ECDHE-RSA-AES256-SHA * Server certificate: * subject: O=*.airbnb.com; OU=Domain Control Validated; CN=*.airbnb.com * start date: 2012-10-23 18:01:55 GMT * expire date: 2013-10-24 18:33:00 GMT * subjectAltName does not match jenkins.musta.ch * Closing connection #0 * SSLv3, TLS alert, Client hello (1): * SSL peer certificate or SSH remote key was not OK curl: (51) SSL peer certificate or SSH remote key was not OK - The fix: --- a/src/main.c +++ b/src/main.c @@ -5375,7 +5375,7 @@ operate(struct Configurable *config, int argc, argv_item_t argv[]) - if(config->insecure_ok) { - /* new stuff needed for libcurl 7.10 */ - my_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE); + if(config->insecure_ok) { + /* new stuff needed for libcurl 7.10 */ + my_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE); - my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1); + my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); - } - else { - char *home = homedir(); + } + else { + char *home = homedir();
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1258366 Title: curl -k breaks for some certificates after USN-2048-1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1258366/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
