All of lore.kernel.org
 help / color / mirror / Atom feed
From: Boszormenyi Zoltan <zboszor@pr.hu>
To: angstrom-distro-devel@linuxtogo.org,
	 openembedded-devel@lists.openembedded.org
Cc: Christian Betz <cbetz@sicom.com>
Subject: SSL crypto broken in Daisy?
Date: Thu, 18 Sep 2014 14:36:16 +0200	[thread overview]
Message-ID: <541AD1C0.8000008@pr.hu> (raw)

Hi,

I have built systemd-gnome-image from Daisy-based Angström using instructions from

http://wp.angstrom-distribution.org/?page_id=53

The set of layers include "meta-intel" and I use the "genericx86" CPU.

The image I have has curl installed and whenever I want to use an https:// URL from
the internal LAN it fails with:

========================================
curl: (35) gnutls_handshake() failed: Handshake failed
========================================

The same happens with and without option "-k" (or "--insecure") to curl.

The webserver's cert is not actually right, as I get this when I use curl from Fedora 19,
20 or 21Alpha:

========================================
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
========================================

But using "curl -k" with the same URL from the *Fedora client* fetches the data properly.

Is this problem already known in Daisy or Daisy-based Angström?

Thanks in advance,
Zoltán Böszörményi



             reply	other threads:[~2014-09-18 12:36 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-09-18 12:36 Boszormenyi Zoltan [this message]
2014-09-18 12:41 ` SSL crypto broken in Daisy? Paul Eggleton
2014-09-18 13:17   ` Boszormenyi Zoltan
2014-09-19  9:38     ` Boszormenyi Zoltan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=541AD1C0.8000008@pr.hu \
    --to=zboszor@pr.hu \
    --cc=angstrom-distro-devel@linuxtogo.org \
    --cc=cbetz@sicom.com \
    --cc=openembedded-devel@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.