Re: SSL connect error

Thu, 09 Dec 2021 03:49:32 -0800 

W dniu 2021-12-09 09:12, Thierry Huchard via curl-library napisał(a):

Le 2021-12-08 18:03, Dan Fandrich via curl-library a écrit :

On Wed, Dec 08, 2021 at 02:53:54PM +0100, Thierry Huchard via
curl-library wrote:
I am the maintainer of the sane-escl backend, I have an error on an https 
access on a canon XK90 scanner.
If you have an idea of why and how to bypass it, I'm interested!

    curl_handle = curl_easy_init();
    curl_easy_setopt(curl_handle, CURLOPT_URL,
"https://192.168.yyy.xxx:443/eSCL/ScannerCapabilities";);
    curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0L);
    curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, memory_callback_c); 
    curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)var);
curl_easy_setopt(curl_handle, CURLOPT_HEADERFUNCTION, header_callback); curl_easy_setopt(curl_handle, CURLOPT_HEADERDATA, (void *)header); 
    curl_easy_setopt(curl_handle, CURLOPT_FOLLOWLOCATION, 1L);
    curl_easy_setopt(curl_handle, CURLOPT_MAXREDIRS, 3L);
    CURLcode res = curl_easy_perform(curl_handle);
    if (res != CURLE_OK) {
printf("respond: %s\n", curl_easy_strerror(res)); // respond: SSL 
connect error
Could it be similar to Github issue #5356? Namely, the scanner is running years-old firmware that uses a long-obsolete TLS version and OpenSSL is now refusing to talk to it for security reasons? What TLS back-end is your 
libcurl using? What TLS version does the scanner want to use?
On FreeBSD 12.2-RELEASE, the version of OpenSSL is 1.1.1k and curl is 7.73.0 
For the device in question the documentation is not easy to read, the
ideal would have been in French, I could have arranged with English,
but Japanese, not possible!
So I have no information about it, I know that http requests work. I
would have liked to force the discussion.
I will test the https connection and switch to http if it fails...
Thanks for the feedback!

Thierry
Try running following command, it will print more details about what was going on during connection process: 

curl -vk https://192.168.yyy.xxx:443/eSCL/ScannerCapabilities
You can also capture packets using Wireshark and check what happened during TLS handshake. 

Daniel
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Reply via email to