| View previous topic :: View next topic |
| Author |
Message |
w00f
Halfop
Joined: 04 Oct 2006
Posts: 49
|
 Posted: Sat Mar 06, 2010 10:34 pm Post subject: |
 |
|
Setting the debug value to 0/1 will output the following when executing the wget proc,
::tls::debug 0
TLS/sock7: error: certificate verify failed
::tls::debug 1
TLS/sock7: verify/3: Bad Cert: self signed certificate in certificate chain (rc = 0)
:\ |
|
| Back to top |
|
 |
nml375
Revered One
Joined: 04 Aug 2006
Posts: 2857
|
| Posted: Sat Mar 06, 2010 10:53 pm Post subject: |
|
|
Well, there is something fishy there..
Unfortunately, I'm unable to connect to xpto.com:443 from here, so that makes it a little hard to have a closer look at the certificate chain :/
Could you run the following command from your shell, and post the output?
| Code: | | openssl s_client -showcerts -connect xpto.com:443 |
And possibly also this one:
| Code: | | openssl s_client -showcerts -connect xpto.com:443 -CApath /etc/ssl/certs |
That should provide some clues to the self signed certificate...
(the openssl s_client opens a ssl-encrypted "telnet" session with the remote host, just hit ctrl+C to disconnect, or test writing a "GET / HTTP/1.0" http request and see what happens).
_________________
NML_375, idling at #eggdrop@IrcNET |
|
| Back to top |
|
|
w00f
Halfop
Joined: 04 Oct 2006
Posts: 49
|
|
| Back to top |
|
|
nml375
Revered One
Joined: 04 Aug 2006
Posts: 2857
|
| Posted: Sun Mar 07, 2010 2:49 pm Post subject: |
|
|
Well, that pretty much concludes that your issue with self-signed certificate is due to a missing CA (solved with the -CApath option). Did you try sending a http-request (and was it successful)?
Lets try a new set:
| Code: | http::register https 443 [list ::tls::socket -require 0 -request 1 -tls1 1 -command ::tls::callback -cadir /etc/ssl/certs]
set ::tls::debug 0
set ::tls::logcmd putlog |
Now we've enabled TLSv1 (since your openssl s_client suggests that's what your server likes), as well as included the CA-directory, and using the builtin callback to log (and validate certs - should work as we've added the -cadir option).
_________________
NML_375, idling at #eggdrop@IrcNET |
|
| Back to top |
|
|
w00f
Halfop
Joined: 04 Oct 2006
Posts: 49
|
| Posted: Wed Mar 10, 2010 8:04 am Post subject: |
|
|
Thanks nml375, but it still returns eof =/
lol this is getting weirder |
|
| Back to top |
|
|
nml375
Revered One
Joined: 04 Aug 2006
Posts: 2857
|
| Posted: Wed Mar 10, 2010 1:52 pm Post subject: |
|
|
Hmm... running very low in ideas then :/
_________________
NML_375, idling at #eggdrop@IrcNET |
|
| Back to top |
|
|
w00f
Halfop
Joined: 04 Oct 2006
Posts: 49
|
| Posted: Thu Mar 18, 2010 12:34 pm Post subject: |
|
|
no problemo,
thanks for the effort  |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
