egghelp.org community Forum Index
[ egghelp.org home | forum home ]
egghelp.org community
Discussion of eggdrop bots, shell accounts and tcl scripts.
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

HTTP/TLS Package
Goto page Previous  1, 2
 
Post new topic   Reply to topic    egghelp.org community Forum Index -> Scripting Help
View previous topic :: View next topic  
Author Message
w00f
Halfop


Joined: 04 Oct 2006
Posts: 49

PostPosted: Sat Mar 06, 2010 10:34 pm    Post subject: Reply with quote

Setting the debug value to 0/1 will output the following when executing the wget proc,

::tls::debug 0
TLS/sock7: error: certificate verify failed

::tls::debug 1
TLS/sock7: verify/3: Bad Cert: self signed certificate in certificate chain (rc = 0)

:\
Back to top
View user's profile Send private message
nml375
Revered One


Joined: 04 Aug 2006
Posts: 2857

PostPosted: Sat Mar 06, 2010 10:53 pm    Post subject: Reply with quote

Well, there is something fishy there..
Unfortunately, I'm unable to connect to xpto.com:443 from here, so that makes it a little hard to have a closer look at the certificate chain :/
Could you run the following command from your shell, and post the output?
Code:
openssl s_client -showcerts -connect xpto.com:443

And possibly also this one:
Code:
openssl s_client -showcerts -connect xpto.com:443 -CApath /etc/ssl/certs

That should provide some clues to the self signed certificate...
(the openssl s_client opens a ssl-encrypted "telnet" session with the remote host, just hit ctrl+C to disconnect, or test writing a "GET / HTTP/1.0" http request and see what happens).
_________________
NML_375, idling at #eggdrop@IrcNET
Back to top
View user's profile Send private message
w00f
Halfop


Joined: 04 Oct 2006
Posts: 49

PostPosted: Sun Mar 07, 2010 2:38 pm    Post subject: Reply with quote

Yea sure.

openssl s_client -showcerts -connect xpto.com:443 >> ssl
http://pastebin.com/scQq6ZTK

openssl s_client -showcerts -connect xpto.com:443 -CApath /etc/ssl/certs >> ssl2
http://pastebin.com/UkM7ps5V
Back to top
View user's profile Send private message
nml375
Revered One


Joined: 04 Aug 2006
Posts: 2857

PostPosted: Sun Mar 07, 2010 2:49 pm    Post subject: Reply with quote

Well, that pretty much concludes that your issue with self-signed certificate is due to a missing CA (solved with the -CApath option). Did you try sending a http-request (and was it successful)?

Lets try a new set:
Code:
http::register https 443 [list ::tls::socket -require 0 -request 1 -tls1 1 -command ::tls::callback -cadir /etc/ssl/certs]
set ::tls::debug 0
set ::tls::logcmd putlog

Now we've enabled TLSv1 (since your openssl s_client suggests that's what your server likes), as well as included the CA-directory, and using the builtin callback to log (and validate certs - should work as we've added the -cadir option).
_________________
NML_375, idling at #eggdrop@IrcNET
Back to top
View user's profile Send private message
w00f
Halfop


Joined: 04 Oct 2006
Posts: 49

PostPosted: Wed Mar 10, 2010 8:04 am    Post subject: Reply with quote

Thanks nml375, but it still returns eof =/
lol this is getting weirder
Back to top
View user's profile Send private message
nml375
Revered One


Joined: 04 Aug 2006
Posts: 2857

PostPosted: Wed Mar 10, 2010 1:52 pm    Post subject: Reply with quote

Hmm... running very low in ideas then :/
_________________
NML_375, idling at #eggdrop@IrcNET
Back to top
View user's profile Send private message
w00f
Halfop


Joined: 04 Oct 2006
Posts: 49

PostPosted: Thu Mar 18, 2010 12:34 pm    Post subject: Reply with quote

no problemo,
thanks for the effort Smile
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    egghelp.org community Forum Index -> Scripting Help All times are GMT - 4 Hours
Goto page Previous  1, 2
Page 2 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Forum hosting provided by Reverse.net

Powered by phpBB © 2001, 2005 phpBB Group
subGreen style by ktauber