HTTP/TLS Package

[w00f]

Setting the debug value to 0/1 will output the following when executing the wget proc,

::tls::debug 0
TLS/sock7: error: certificate verify failed

::tls::debug 1
TLS/sock7: verify/3: Bad Cert: self signed certificate in certificate chain (rc = 0)

:\

[nml375]

Well, there is something fishy there..
Unfortunately, I'm unable to connect to xpto.com:443 from here, so that makes it a little hard to have a closer look at the certificate chain :/
Could you run the following command from your shell, and post the output?

Code: Select all

openssl s_client -showcerts -connect xpto.com:443

And possibly also this one:

Code: Select all

openssl s_client -showcerts -connect xpto.com:443 -CApath /etc/ssl/certs

That should provide some clues to the self signed certificate...
(the openssl s_client opens a ssl-encrypted "telnet" session with the remote host, just hit ctrl+C to disconnect, or test writing a "GET / HTTP/1.0" http request and see what happens).

[w00f]

Yea sure.

openssl s_client -showcerts -connect xpto.com:443 >> ssl
http://pastebin.com/scQq6ZTK

openssl s_client -showcerts -connect xpto.com:443 -CApath /etc/ssl/certs >> ssl2
http://pastebin.com/UkM7ps5V

[nml375]

Well, that pretty much concludes that your issue with self-signed certificate is due to a missing CA (solved with the -CApath option). Did you try sending a http-request (and was it successful)?

Lets try a new set:

Code: Select all

http::register https 443 [list ::tls::socket -require 0 -request 1 -tls1 1 -command ::tls::callback -cadir /etc/ssl/certs]
set ::tls::debug 0
set ::tls::logcmd putlog

Now we've enabled TLSv1 (since your openssl s_client suggests that's what your server likes), as well as included the CA-directory, and using the builtin callback to log (and validate certs - should work as we've added the -cadir option).

[w00f]

Thanks nml375, but it still returns eof =/
lol this is getting weirder

[nml375]

Hmm... running very low in ideas then :/

[w00f]

no problemo,
thanks for the effort