
#1 19-03-2016 22:28:12

gd
Member
Registered: 19-03-2016
Posts: 3

[ttrss] curl/openssl error

Hello,

I host my own ttrss instance and, for a few RSS feeds, I get connection errors. These errors are reproducible from the command line, for example:

$ curl -v "https://chatsecure.org/feed.xml"
* About to connect() to chatsecure.org port 443 (#0)
*   Trying 2400:cb00:2048:1::681b:9747... connected
* Connected to chatsecure.org (2400:cb00:2048:1::681b:9747) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
* Closing connection #0
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

If I run the same command on my PC I get no error (I do get the content of the feed.xml file). I think this is due to the openssl version used to compile curl (and the PHP module). Locally, here is the connection information I get:

* Connected to chatsecure.org (2400:cb00:2048:1::681b:9747) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 692 certificates in /etc/ssl/certs
* ALPN, offering h2
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_ECDSA_AES_128_GCM_SHA256
*        server certificate verification OK
*        server certificate status verification SKIPPED
*        common name: sni234262.cloudflaressl.com (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: EC
*        certificate version: #3
*        subject: OU=Domain Control Validated,OU=PositiveSSL Multi-Domain,CN=sni234262.cloudflaressl.com
*        start date: Fri, 18 Mar 2016 00:00:00 GMT
*        expire date: Sun, 18 Sep 2016 23:59:59 GMT
*        issuer: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO ECC Domain Validation Secure Server CA 2
*        compression: NULL
* ALPN, server accepted to use h2
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* TCP_NODELAY set
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55e8ab9c9f30)
> GET /feed.xml HTTP/1.1
> Host: chatsecure.org
> User-Agent: curl/7.47.0
> Accept: */*

Note that my local version of curl is compiled with GnuTLS:

curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 libssh2/1.5.0 nghttp2/1.8.0 librtmp/2.3

Any idea how to solve this problem?
