Hi,
I'm having trouble with downloading resources (stylesheet etc) from an HTTPS site that is using an EV wildcard certificate. A simple curl works, with the verbose option turned on, it says:
"subjectAltName: blah.domain matched"
...
"* SSL certificate verify ok."
Prince complains, however:
prince: https://blah.domain/style.css: warning: server certificate verification failed. CAfile: /usr/lib/prince/etc/curl-ca-bundle.crt CRLfile: none
I also tried curl with the prince-bundled crt file, that also works;
I tried prince with the system bundle, that doesn't work either;
I tried wget but that doesn't seem to tell anything about certificate validation.
kind regards,
Jeroen
---
jeroenp@host:~$ ldd /usr/lib/prince/bin/prince | egrep 'ssl|tls|cryp'
libcurl-gnutls.so.4 => /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4
libgcrypt.so.11 => /lib/x86_64-linux-gnu/libgcrypt.so.11
libgnutls.so.26 => /usr/lib/x86_64-linux-gnu/libgnutls.so.26
libk5crypto.so.3 => /usr/lib/x86_64-linux-gnu/libk5crypto.so.3
libhcrypto.so.4 => /usr/lib/x86_64-linux-gnu/libhcrypto.so.4
libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1
jeroen@host:~$ curl --version
curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
I'm having trouble with downloading resources (stylesheet etc) from an HTTPS site that is using an EV wildcard certificate. A simple curl works, with the verbose option turned on, it says:
"subjectAltName: blah.domain matched"
...
"* SSL certificate verify ok."
Prince complains, however:
prince: https://blah.domain/style.css: warning: server certificate verification failed. CAfile: /usr/lib/prince/etc/curl-ca-bundle.crt CRLfile: none
I also tried curl with the prince-bundled crt file, that also works;
I tried prince with the system bundle, that doesn't work either;
I tried wget but that doesn't seem to tell anything about certificate validation.
kind regards,
Jeroen
---
jeroenp@host:~$ ldd /usr/lib/prince/bin/prince | egrep 'ssl|tls|cryp'
libcurl-gnutls.so.4 => /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4
libgcrypt.so.11 => /lib/x86_64-linux-gnu/libgcrypt.so.11
libgnutls.so.26 => /usr/lib/x86_64-linux-gnu/libgnutls.so.26
libk5crypto.so.3 => /usr/lib/x86_64-linux-gnu/libk5crypto.so.3
libhcrypto.so.4 => /usr/lib/x86_64-linux-gnu/libhcrypto.so.4
libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1
jeroen@host:~$ curl --version
curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP