cómo resolver el rizo: (35) error
Si ejecuto en mi máquina CentOS 5 este comando:
curl -LsS https://symfony.com/installer -o /usr/local/bin/symfony
Me sale este error:
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Sin embargo, si corro:
curl -v https://symfony.com/
Entiendo esto:
* About to connect() to symfony.com port 443 (#0)
* Trying 176.34.106.156...
* Connected to symfony.com (176.34.106.156) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
* subject: OU=Domain Control Validated; OU=Gandi Standard SSL; CN=symfony.com
* start date: 2014-11-21 00:00:00 GMT
* expire date: 2017-11-21 23:59:59 GMT
* subjectAltName: symfony.com matched
* issuer: C=FR; ST=Paris; L=Paris; O=Gandi; CN=Gandi Standard SSL CA 2
* SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: symfony.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Age: 138
< Cache-Control: public, s-maxage=600
< Content-Type: text/html; charset=UTF-8
< Date: Sat, 07 Jan 2017 03:05:08 GMT
< Server: nginx/1.4.6 (Ubuntu)
< Via: 1.1 varnish-v4
< X-Varnish: 168003559 167316902
< Content-Length: 34582
< Connection: keep-alive
<
Con la opción -v, aparentemente se puede usar SSLv3. ¿Cómo usar el primer comando para establecer con éxito la conexión?
EDITAR:
Comparé la información de curl con un servidor Redhat donde curl funciona, y estos fueron los resultados:
Mi información de CentOS 5 "curl -V":
[root@orahost tls]# curl -V
curl 7.29.0 (i686-redhat-linux-gnu) libcurl/7.29.0 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz
La información de RedHat 6 "curl -V":
[root@vps-1128921-x /etc/pki/tls] # curl -V
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
Noto que mi CentOS usa OpenSSL mientras que Redhat no. ¿Podría ser este el problema?