Databases
StackOverflow2013
Postsdbo
POcurl NSS -12286 error in TLS handshake
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POcurl NSS -12286 error in TLS handshake
    text
    copied!<p>I am getting NSS -12286 error while trying to load the https page using the ca certificate using cacertinpem.c curl c code. i am using cacert.pem file in the code alog with path. but same thing is working when i try using curl -v "<a href="https://sampleserve.com:443" rel="nofollow">https://sampleserve.com:443</a>",in this case ssl is taking default ca path as "/etc/tls/certs/ca.budle.crt" </p> <p>But this c code is not working for both default ca location and external path selection of ca aswell.</p> <p>What is the reason for this error(NSS -12286).</p> <pre><code>Error: * About to connect() to fiservices.sterlingbankng.com port 443 (#0) * Trying 1.1.1.1... * Connection timed out * Trying 1.1.1.2... * connected * Connected to fiservices.sterlingbankng.com (1.1.1.2) port 443 (#0) * Initializing NSS with certpath: /etc/pki/nssdb * CAfile: ./cacert.pem CApath: ./cacert.pem * NSS error -12286 * Error in TLS handshake, trying SSLv3... GET /CanFI/ HTTP/1.1 Host: sampleserver.com Accept: */* * Connection died, retrying a fresh connect * Closing connection #0 * Issue another request to this URL: 'https://sampleserver.com' * About to connect() to sampleserver.com port 443 (#0) * Trying 1.1.1.1... * Connection timed out * Trying 1.1.1.2... * connected * Connected to sampleserver.com (1.1.1.2) port 443 (#0) * TLS disabled due to previous handshake failure * CAfile: ./cacert.pem CApath: ./cacert.pem * NSS error -12286 * Closing connection #0 * SSL connect error </code></pre> <p>Sample code:</p> <pre><code>size_t writefunction( void *ptr, size_t size, size_t nmemb, void *stream) { fwrite(ptr,size,nmemb,stream); return(nmemb*size); } static CURLcode sslctx_function(CURL * curl, void * sslctx, void * parm) { X509_STORE * store; X509 * cert=NULL; BIO * bio; char * mypem = "-----BEGIN CERTIFICATE-----\n"\ "-----END CERTIFICATE-----\n"; //public certificate } int main(void) { CURL * ch; CURLcode rv; rv=curl_global_init(CURL_GLOBAL_ALL); ch=curl_easy_init(); rv=curl_easy_setopt(ch,CURLOPT_VERBOSE, 1L); rv=curl_easy_setopt(ch,CURLOPT_HEADER, 0L); rv=curl_easy_setopt(ch,CURLOPT_NOPROGRESS, 1L); rv=curl_easy_setopt(ch,CURLOPT_NOSIGNAL, 1L); rv=curl_easy_setopt(ch,CURLOPT_WRITEFUNCTION, *writefunction); rv=curl_easy_setopt(ch,CURLOPT_WRITEDATA, stdout); rv=curl_easy_setopt(ch,CURLOPT_HEADERFUNCTION, *writefunction); rv=curl_easy_setopt(ch,CURLOPT_WRITEHEADER, stderr); rv=curl_easy_setopt(ch,CURLOPT_SSLCERTTYPE,"PEM"); rv=curl_easy_setopt (ch, CURLOPT_CAPATH, "./cacert.pem" ); rv=curl_easy_setopt (ch, CURLOPT_CAINFO, "./cacert.pem" ); rv=curl_easy_setopt(ch,CURLOPT_SSL_VERIFYPEER,1L); rv=curl_easy_setopt(ch, CURLOPT_URL, "https://"); rv=curl_easy_perform(ch); if (rv==CURLE_OK) printf("*** transfer succeeded ***\n"); else printf("*** transfer failed ***\n"); rv=curl_easy_setopt(ch,CURLOPT_SSL_CTX_FUNCTION, *sslctx_function); rv=curl_easy_perform(ch); if (rv==CURLE_OK) printf("*** transfer succeeded ***\n"); else printf("*** transfer failed ***\n"); curl_easy_cleanup(ch); curl_global_cleanup(); return rv; } </code></pre> <p>Thanks</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload