Re: False positive

From: Oleksandr Kryvulia <shuriku_at_shurik.kiev.ua>
Date: Thu, 27 Feb 2025 05:14:14 UTC
26.02.25 22:51, The Doctor:
> This main server is seeing
>
> curl -v -v -v -v -v -v -v -v -v -v -v -v  https://gateway.moneris.com/chktv2/request/request.php
> * !!! WARNING !!!
> * This is a debug build of libcurl, do not use in production.
> * STATE: INIT => SETUP handle 0x15e5070d7808; line 2393
> * STATE: SETUP => CONNECT handle 0x15e5070d7808; line 2409
> * Added connection 0. The cache now contains 1 members
> * STATE: CONNECT => RESOLVING handle 0x15e5070d7808; line 2308
> * Curl_multi_closed, fd=4 multi is 0x15e507095008
> * Curl_multi_closed, fd=4 entry is 0x15e507010508
> * Host gateway.moneris.com:443 was resolved.
> * IPv6: (none)
> * IPv4: 23.249.192.196
> * STATE: RESOLVING => CONNECTING handle 0x15e5070d7808; line 2266
> *   Trying 23.249.192.196:443...
> * ALPN: curl offers h2,http/1.1
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> * TLSv1.2 (OUT), TLS alert, unknown CA (560):
> * SSL certificate problem: self-signed certificate in certificate chain
> * multi_done[CONNECTING]: status: 60 prem: 1 done: 0
> * multi_done, not reusing connection=0, forbid=0, close=0, premature=1, conn_multiplex=0
> * Curl_disconnect(conn #0, aborted=1)
> * closing connection #0
> * [CCACHE] closing #0
> * Curl_multi_closed, fd=4 multi is 0x15e507095008
> * Curl_multi_closed, fd=4 entry is (nil)
> * [CCACHE] trigger multi connchanged
> curl: (60) SSL certificate problem: self-signed certificate in certificate chain
> More details here: https://curl.se/docs/sslcerts.html
>
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the webpage mentioned above.
>
>
> yet when I check against Kali, the server
> says the certificate is correct.
>
> What could have gone wrong?
>
I do not have this problem. ftp/curl built from latest packages, version 8.12.1.

% curl -v -v -v -v -v -v -v -v -v -v -v -v https://gateway.moneris.com/chktv2/request/request.php
* Host gateway.moneris.com:443 was resolved.
* IPv6: (none)
* IPv4: 23.249.192.196
*   Trying 23.249.192.196:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 / prime256v1 / rsaEncryption
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=CA; ST=Ontario; L=Etobicoke; O=Moneris Solutions Corporation; CN=gateway.moneris.com
*  start date: Sep 20 14:46:33 2024 GMT
*  expire date: Oct 19 14:46:32 2025 GMT
*  subjectAltName: host "gateway.moneris.com" matched cert's "gateway.moneris.com"
*  issuer: C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust Certification Authority - L1K
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha1WithRSAEncryption
* Connected to gateway.moneris.com (23.249.192.196) port 443
* using HTTP/1.x
 > GET /chktv2/request/request.php HTTP/1.1
 > Host: gateway.moneris.com
 > User-Agent: curl/8.12.1
 > Accept: */*
 >
* Request completely sent off
< HTTP/1.1 200 OK
< Date: Thu, 27 Feb 2025 05:05:51 GMT
< Set-Cookie: GWID=5r08cio9drsdgp3ht14vh5gm07; path=/; secure; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Content-Length: 120
< Content-Type: application/json
< Set-Cookie: 
TS019fcda0=015a7b8a0ba69d7487449af4e6244b5af029cd371252f3c29241d62c4f336e79130a22ac475f4f7fcfd170687cac1a3d9f3c133aa286fa274318844792223c93e9b50193bc; 
Path=/; Domain=.gateway.moneris.com; Secure;
<
Exception: Invalid JSON input