Open-source Languages & Tools for z/OS

  • 1.  Curl: (51) SSL: certificate subject name

    Posted 10-28-2016 07:06

    Hello,
    I’m using your latest version of curl to connect to an SSL URL. The certificate authentication does not work on all defined hosts.
    The response to the command looks like this:

    ./curl https://hnb-web.r-services.at:51000 -v

    • Rebuilt URL to: https://hnb-web.r-services.at:51000/
    • IDN support not present, can’t parse Unicode domains
    • Trying 10.15.34.115…
    • Connected to hnb-web.r-services.at (10.15.34.115) port 51000 (#0)
    • ALPN, offering http/1.1
    • Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    • successfully set certificate verify locations:
    • CAfile: /usr/lpp/ported/share/curl-ca-bundle.crt
      CApath: none
    • TLSv1.2, TLS Unknown, Unknown (22):
    • TLSv1.2, TLS handshake, Client hello (1):
    • SSLv2, Unknown (22):
    • TLSv1.2, TLS handshake, Server hello (2):
    • SSLv2, Unknown (22):
    • TLSv1.2, TLS handshake, CERT (11):
    • SSLv2, Unknown (22):
    • TLSv1.2, TLS handshake, Server finished (14):
    • SSLv2, Unknown (22):
    • TLSv1.2, TLS handshake, Client key exchange (16):
    • SSLv2, Unknown (20):
    • TLSv1.2, TLS change cipher, Client hello (1):
    • SSLv2, Unknown (22):
    • TLSv1.2, TLS handshake, Finished (20):
    • SSLv2, Unknown (20):
    • TLSv1.2, TLS change cipher, Client hello (1):
    • SSLv2, Unknown (22):
    • TLSv1.2, TLS handshake, Finished (20):
    • SSL connection using TLSv1.2 / AES256-SHA
    • ALPN, server did not agree to a protocol
    • Server certificate:
    •    subject: C=AT; ST=Vienna; L=Vienna; O=xxxxxxxxxxxx GmbH; OU=Web Services; CN=xxx-web.r-services.at
      
    •    start date: 2013-06-14 08:29:06 GMT
      
    •    expire date: 2018-06-13 08:29:06 GMT
      
    • SSL: certificate subject name ‘▒▒▒▒▒▒K▒▒▒▒▒▒▒▒▒K▒▒’ does not match target host name ‘hnb-web.r-services.at
    • Closing connection 0
    • SSLv2, Unknown (21):
    • TLSv1.2, TLS alert, Client hello (1):
      curl: (51) SSL: certificate subject name ‘▒▒▒▒▒▒K▒▒▒▒▒▒▒▒▒K▒▒’ does not match target host name ‘hnb-web.r-services.at

    With other hostnames it works. I think the problem seems not to be the certificate but something with EBCDIC/ASCII conversion. Any suggestions on how to fix that?
    Thank you
    Andi O.



  • 2.  RE: Curl: (51) SSL: certificate subject name

    Posted 10-28-2016 08:54

    I am experiencing the exact same scenario with curl. Can you please advise how or if you resolved your issue?

    Thanks in advance.

    marcop



  • 3.  RE: Curl: (51) SSL: certificate subject name

    Posted 10-28-2016 11:40

    We suggest that you retry the command, supplying the additional argument -k. This argument disables some of the checks, and might allow it to work.

    We would like to replicate this problem here. Can you suggest a public URL that might demonstrate this problem?

    We are not sure whether IDN support is required for this to work. Unfortunately, we do not currently have a version of curl that contains support for IDN.



  • 4.  RE: Curl: (51) SSL: certificate subject name

    Posted 10-28-2016 13:53

    Hello,

    Yes, you are right - specifying the -k option works, but it is insecure.
    Unfortunately, all the URLs we are using are not for public use. If you need
    any documentation material, I can create it for you.
    I do not know whether IDN might really be the problem, because for both the working
    and the non-working command the verbose output says
    IDN support not present, can’t parse Unicode domains

    thank you for your assistance
    best regards
    Andi O.



  • 5.  RE: Curl: (51) SSL: certificate subject name

    Posted 10-28-2016 15:38

    My understanding is that it is a feature of curl and that you need to use -k or fix your certificate.



  • 6.  RE: Curl: (51) SSL: certificate subject name

    Posted 10-28-2016 15:39


  • 7.  RE: Curl: (51) SSL: certificate subject name

    Posted 10-29-2016 07:01

    Hello,

    Sorry - I changed it to xxx - the URL in the certificate matches
    hnb-web.r-services.at

    regards
    Andi O.



  • 8.  RE: Curl: (51) SSL: certificate subject name

    Posted 10-31-2016 14:22

    The fundamental problem here is that our cURL port does not support ASCII. We are planning to release another port of cURL with ASCII support, but it will not be for another few months per our current schedule.



  • 9.  RE: Curl: (51) SSL: certificate subject name

    Posted 10-31-2016 16:33

    Hello,

    Yes - I think that points in the right direction.
    Can you provide me with a testing version of the port as soon as you’ve got it?

    thank you
    best regards
    Andi O.
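
The EBCDIC/ASCII mismatch discussed in this thread, as an added illustration that is not part of any post and is not code from the curl port. In EBCDIC the period is byte 0x4B, which is `K` in ASCII, so a hostname held in EBCDIC but printed or compared as ASCII keeps a `K` where each dot was while its letters become unprintable. Assumptions: Python's `cp037` codec stands in for the z/OS EBCDIC code page, and all function names are hypothetical.

```python
# Added example: how a code-page mismatch makes a correct certificate name
# fail a byte-wise hostname check, and how to tell that apart from a real
# name mismatch without turning verification off.
EBCDIC = "cp037"  # assumption: stand-in for the EBCDIC code page in use on z/OS
HOST = "hnb-web.r-services.at"  # target host name quoted in the thread

def as_seen_on_ascii_terminal(raw: bytes) -> str:
    """Render bytes as an ASCII display would; anything non-printable is U+2592."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "\u2592" for b in raw)

def names_match(cert_name: bytes, host: bytes) -> bool:
    """Byte-wise comparison, i.e. a check that assumes both sides share one encoding."""
    return cert_name == host

def diagnose(cert_name: bytes, host: str) -> str:
    """Say whether a failed match is a real mismatch or the same name in another code page."""
    for label, codec in (("ascii", "ascii"), ("ebcdic", EBCDIC)):
        try:
            decoded = cert_name.decode(codec)
        except UnicodeDecodeError:
            continue  # bytes are not valid in this code page, try the next one
        if decoded.lower() == host.lower():
            return f"same name, bytes are {label}"
    return "different name"

if __name__ == "__main__":
    ascii_name = HOST.encode("ascii")   # constructed sample: name as ASCII bytes
    ebcdic_name = HOST.encode(EBCDIC)   # constructed sample: same name as EBCDIC bytes
    print(as_seen_on_ascii_terminal(ebcdic_name))
    print(names_match(ebcdic_name, ascii_name))          # encodings differ, check fails
    print(diagnose(ebcdic_name, HOST))                   # encoding problem
    print(diagnose(b"xxx-web.r-services.at", HOST))      # genuine mismatch
```

When `diagnose` reports the same name in a different code page, the certificate is not at fault and the fix belongs in the client's character conversion.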