Bug 1058776
Summary: | curl does not support ECDSA certificates | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Hubert Kario <hkario> | |
Component: | curl | Assignee: | Kamil Dudka <kdudka> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Hubert Kario <hkario> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 7.0 | CC: | emaldona, kdudka, ksrot, ovasik, rrelyea | |
Target Milestone: | rc | Keywords: | Patch | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | curl-7.29.0-15.el7 | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | ||
Clone Of: | 1058767 | |||
: | 1156426 | Environment: | |
Last Closed: | 2014-06-13 13:08:33 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1058767 | |||
Bug Blocks: | 1057566, 1059670, 1156426 |
Description
Hubert Kario
2014-01-28 14:04:10 UTC
I tried the following prior to initiating the TLS handshake:

    for(i=0; i<SSL_NumImplementedCiphers; i++) {
        SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_TRUE);
    }

... and it did not seem to change anything. I will need to compile a debug build of NSS.

(In reply to Hubert Kario from comment #0)
> Connection using openssl s_client -starttls ftp -connect localhost:21 is
> successful:

I was unable to get the above working on my rawhide Fedora VM:

    $ openssl s_client -starttls ftp -connect localhost:21
    CONNECTED(00000003)
    139800219838336:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 58 bytes and written 259 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    ---

(In reply to Kamil Dudka from comment #1)
> (In reply to Hubert Kario from comment #0)
> > Connection using openssl s_client -starttls ftp -connect localhost:21 is
> > successful:
>
> I was unable to get the above working on my rawhide Fedora VM:
>
> $ openssl s_client -starttls ftp -connect localhost:21
> CONNECTED(00000003)
> 139800219838336:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3
> alert handshake failure:s23_clnt.c:741:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 58 bytes and written 259 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> ---

In my test case, I'm adding the following to vsftpd.conf:

    ssl_enable=yes
    ssl_ciphers=ECDHE-ECDSA-AES128-SHA
    allow_anon_ssl=YES
    require_ssl_reuse=NO
    ca_certs_file=<path to CA cert file>
    rsa_cert_file=<path to server cert file>
    rsa_private_key_file=<path to server key file>
    ssl_tlsv1=YES

Thank you Hubert! The above test works fine on my el7 vm.

I will prepare a patch for curl to make the '--ciphers ecdh_ecdsa_aes_128_sha' option work as expected.

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.