Re: False positive
- In reply to: The Doctor : "Re: False positive"
Date: Fri, 28 Feb 2025 07:06:39 UTC
27.02.25 19:06, The Doctor:
> On Thu, Feb 27, 2025 at 07:14:14AM +0200, Oleksandr Kryvulia wrote:
>> 26.02.25 22:51, The Doctor:
>>> This main server is seeing
>>>
>>> curl -v -v -v -v -v -v -v -v -v -v -v -v https://gateway.moneris.com/chktv2/request/request.php
>>> * !!! WARNING !!!
>>> * This is a debug build of libcurl, do not use in production.
>>> * STATE: INIT => SETUP handle 0x15e5070d7808; line 2393
>>> * STATE: SETUP => CONNECT handle 0x15e5070d7808; line 2409
>>> * Added connection 0. The cache now contains 1 members
>>> * STATE: CONNECT => RESOLVING handle 0x15e5070d7808; line 2308
>>> * Curl_multi_closed, fd=4 multi is 0x15e507095008
>>> * Curl_multi_closed, fd=4 entry is 0x15e507010508
>>> * Host gateway.moneris.com:443 was resolved.
>>> * IPv6: (none)
>>> * IPv4: 23.249.192.196
>>> * STATE: RESOLVING => CONNECTING handle 0x15e5070d7808; line 2266
>>> * Trying 23.249.192.196:443...
>>> * ALPN: curl offers h2,http/1.1
>>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>>> * TLSv1.2 (IN), TLS handshake, Certificate (11):
>>> * TLSv1.2 (OUT), TLS alert, unknown CA (560):
>>> * SSL certificate problem: self-signed certificate in certificate chain
>>> * multi_done[CONNECTING]: status: 60 prem: 1 done: 0
>>> * multi_done, not reusing connection=0, forbid=0, close=0, premature=1, conn_multiplex=0
>>> * Curl_disconnect(conn #0, aborted=1)
>>> * closing connection #0
>>> * [CCACHE] closing #0
>>> * Curl_multi_closed, fd=4 multi is 0x15e507095008
>>> * Curl_multi_closed, fd=4 entry is (nil)
>>> * [CCACHE] trigger multi connchanged
>>> curl: (60) SSL certificate problem: self-signed certificate in certificate chain
>>> More details here: https://curl.se/docs/sslcerts.html
>>>
>>> curl failed to verify the legitimacy of the server and therefore could not
>>> establish a secure connection to it. To learn more about this situation and
>>> how to fix it, please visit the webpage mentioned above.
>>>
>>>
>>> yet when I check against Kali, the server
>>> says the certificate is correct.
>>>
>>> What could have gone wrong?
>>>
>> I do not have this problem. ftp/curl built from latest packages, version
>> 8.12.1.
>>
>> % curl -v -v -v -v -v -v -v -v -v -v -v -v
>> https://gateway.moneris.com/chktv2/request/request.php
>> * Host gateway.moneris.com:443 was resolved.
>> * IPv6: (none)
>> * IPv4: 23.249.192.196
>> *   Trying 23.249.192.196:443...
>> * ALPN: curl offers h2,http/1.1
>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>> * TLSv1.2 (IN), TLS handshake, Certificate (11):
>> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
>> * TLSv1.2 (IN), TLS handshake, Server finished (14):
>> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
>> * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
>> * TLSv1.2 (OUT), TLS handshake, Finished (20):
>> * TLSv1.2 (IN), TLS handshake, Finished (20):
>> * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 / prime256v1 /
>> rsaEncryption
>> * ALPN: server did not agree on a protocol. Uses default.
>> * Server certificate:
>> *  subject: C=CA; ST=Ontario; L=Etobicoke; O=Moneris Solutions Corporation;
>> CN=gateway.moneris.com
>> *  start date: Sep 20 14:46:33 2024 GMT
>> *  expire date: Oct 19 14:46:32 2025 GMT
>> *  subjectAltName: host "gateway.moneris.com" matched cert's
>> "gateway.moneris.com"
>> *  issuer: C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms;
>> OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust
>> Certification Authority - L1K
>> *  SSL certificate verify ok.
>> *   Certificate level 0: Public key type RSA (2048/112 Bits/secBits),
>> signed using sha256WithRSAEncryption
>> *   Certificate level 1: Public key type RSA (2048/112 Bits/secBits),
>> signed using sha256WithRSAEncryption
>> *   Certificate level 2: Public key type RSA (2048/112 Bits/secBits),
>> signed using sha1WithRSAEncryption
>> * Connected to gateway.moneris.com (23.249.192.196) port 443
>> * using HTTP/1.x
>> > GET /chktv2/request/request.php HTTP/1.1
>> > Host: gateway.moneris.com
>> > User-Agent: curl/8.12.1
>> > Accept: */*
>> >
>> * Request completely sent off
>> < HTTP/1.1 200 OK
>> < Date: Thu, 27 Feb 2025 05:05:51 GMT
>> < Set-Cookie: GWID=5r08cio9drsdgp3ht14vh5gm07; path=/; secure; HttpOnly
>> < Expires: Thu, 19 Nov 1981 08:52:00 GMT
>> < Cache-Control: no-store, no-cache, must-revalidate
>> < Pragma: no-cache
>> < Content-Length: 120
>> < Content-Type: application/json
>> < Set-Cookie: TS019fcda0=015a7b8a0ba69d7487449af4e6244b5af029cd371252f3c29241d62c4f336e79130a22ac475f4f7fcfd170687cac1a3d9f3c133aa286fa274318844792223c93e9b50193bc;
>> Path=/; Domain=.gateway.moneris.com; Secure;
>> <
>> Exception: Invalid JSON input
>>
>>
> Next question, either ChatGPT or Gemini suggested rehash.
>
> How do I do a rehash if that is the problem?

Do you have security/ca_root_nss installed?
Or use curl -k to trust this certificate.
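
Added example, not part of the thread: the "self-signed certificate in certificate chain" text in the failing run is OpenSSL verify error 19, raised when the peer's chain ends in a root the local store cannot look up. The script below reproduces it offline with a constructed throwaway CA (the names, demo.invalid and the temporary CApath directory are assumptions) and shows what a rehash of that directory changes.

```shell
#!/bin/sh
# Added example with a constructed throwaway CA; the system trust store is not modified.
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
mkdir "$work/capath"
cat > "$work/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Constructed Demo Root
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# Self-signed root placed in a CApath-style directory, then a leaf signed by it.
openssl req -x509 -config "$work/ca.cnf" -newkey rsa:2048 -nodes \
    -keyout "$work/root.key" -out "$work/capath/root.pem" -days 2 2>/dev/null
openssl req -new -config "$work/ca.cnf" -subj "/CN=demo.invalid" -newkey rsa:2048 \
    -nodes -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null
openssl x509 -req -in "$work/leaf.csr" -CA "$work/capath/root.pem" \
    -CAkey "$work/root.key" -CAcreateserial -out "$work/leaf.pem" -days 2 2>/dev/null

# Print the OpenSSL verify error number for the leaf, or 0 when the chain verifies.
# $1 = "sent" when the peer includes the root in its chain, anything else when it does not.
verify_error() {
    if [ "$1" = sent ]; then set -- -untrusted "$work/capath/root.pem"; else set --; fi
    out=$(openssl verify -CApath "$work/capath" "$@" "$work/leaf.pem" 2>&1) || true
    code=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at.*/\1/p' | head -n 1)
    echo "${code:-0}"
}

# A rehash links each CA file under its subject-hash name (<hash>.0), the only
# name OpenSSL looks up in a CApath directory.
rehash_dir() {
    openssl rehash "$work/capath" >/dev/null 2>&1 ||
        ln -s root.pem "$work/capath/$(openssl x509 -noout -hash -in "$work/capath/root.pem").0"
}

echo "root file present, not hashed, peer sends root: error $(verify_error sent)"
echo "root file present, not hashed, peer omits root: error $(verify_error omitted)"
rehash_dir
echo "after rehash, peer sends root:                  error $(verify_error sent)"
```

Error 19 means the root arrived in the handshake but is not trusted locally; error 20 means no issuer was found at all.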