5

I have problems connecting to https sites using cURL or wget. When I download from a https curl seems to be stuck while doing the TLS handshake, CERT. The problem is independent of the site (I noticed it using github) and wget is hanging too (although I didn't look into the verbose outputs there).

$ curl -v --trace-time https://www.google.de 10:35:21.532822 * About to connect() to www.google.de port 443 (#0) 10:35:21.533091 * Trying 209.85.148.147... connected 10:35:21.538666 * Connected to www.google.de (209.85.148.147) port 443 (#0) 10:35:21.539119 * SSLv3, TLS handshake, Client hello (1): 10:35:21.544129 * SSLv3, TLS handshake, Server hello (2): 10:35:21.544182 * SSLv3, TLS handshake, CERT (11):

I have waited >10 min but nothing happens. I am using OSX Lion.

$curl --version curl 7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM SSL libz

I don't know where to look for help so I'd be happy if you could give me some pointers.

Thanks

Improve this question
1
  • Do you have the same problem with other HTTPS sites? Do you have the same problem with other HTTPS clients? Are you behind a firewall that might inspect or hijack SSL traffic? Commented Nov 23, 2011 at 22:27

2 Answers 2

Reset to default
3

curl -v --trace-time https://www.google.de

21:50:34.054955 * About to connect() to www.google.de port 443 21:50:34.056574 * Trying 74.125.39.104... connected 21:50:34.104587 * Connected to www.google.de (74.125.39.104) port 443 21:50:34.313259 * successfully set certificate verify locations: 21:50:34.313349 * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none 21:50:34.313758 * SSLv2, Client hello (1): SSLv3, TLS handshake, Server hello (2): SSLv3, TLS handshake, CERT (11): SSLv3, TLS handshake, Server finished (14): SSLv3, TLS handshake, Client key exchange (16): SSLv3, TLS change cipher, Client hello (1): SSLv3, TLS handshake, Finished (20): SSLv3, TLS change cipher, Client hello (1): SSLv3, TLS handshake, Finished (20): SSL connection using RC4-SHA 21:50:34.418541 * Server certificate: 21:50:34.418631 * subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com 21:50:34.418726 * start date: 2011-10-26 00:00:00 GMT 21:50:34.418799 * expire date: 2013-09-30 23:59:59 GMT 21:50:34.418902 * SSL: certificate subject name 'www.google.com' does not match target host name 'www.google.de' 21:50:34.419000 * Closing connection #0 21:50:34.419124 * SSLv3, TLS alert, Client hello (1): curl: (51) SSL: certificate subject name 'www.google.com' does not match target host name 'www.google.de'

It seems you are not able to verify the certificate since you are missing the ca-bundle.crt. This belongs (in CentOS 5) to the openssl-rpm.

Improve this answer
2

A good way to manage these things in Mac OS X / Darwin would be to install a packagemanager such as Homebrew (http://brew.sh/)

This way when you install software like cURL you would get the whole dependency list too or you can just brew install openssl and problem solved ;)

Improve this answer
2
  • Note to the reviewers: link is clean, contains real software which is important part of the answer. Commented Feb 12, 2015 at 13:12
  • I am already using Homebrew. Thanks for the tip though. Commented Feb 13, 2015 at 15:53

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.