strongswan scepclient context with libcurl fails to connect to SSL URIs

Asked by Andrew Moody

Installed strongswan-starter and strongswan-plugin-curl (both 5.1.2-0ubuntu2.3) on Ubuntu 14.04.2 LTS (trusty).

Imported root CA certificate into /usr/share/ca-certificates, edited ca-certificates.conf, and ran update-ca-certificates --fresh. Verified CA certificate was added to /etc/ssl/certs, and verified that the certificate was readable via 'openssl x509' context.

Attempting to use the 'ipsec scepclient' context to request a certificate from Microsoft NDES server over SSL using the --url option with a URI similar to this: 'https://ndes.mydomain.com/certsrv/mscep/'

Connection to server fails with error:
libcurl http request failed: SSL: couldn't create a context: error:140A90A1:lib(20):func(169):reason(161)

Opening the same URI from curl in terminal succeeds.

Read here, that some other package leveraging libcurl had similar issues due to not properly initializing:
https://code.google.com/p/gambas/issues/detail?id=236

Read here, that strongswan must be compiled to use the appropriate SSL backend with curl:
https://wiki.strongswan.org/projects/strongswan/wiki/Curl

Still might be user error, as there is slim to no documentation for this.

Wireshark trace showed the opening/closing SYN/ACK/FIN/RST TCP packets, but no 'Client Hello' message. Seems like it's not actually initializing an SSL connection, but rather attempting a vanilla HTTP connection over port 443.

Any help is appreciated!

Question information

Language: English
Status: Expired
For: Ubuntu
Assignee: No assignee

Launchpad Janitor (janitor) said (#1):

This question was expired because it remained in the 'Open' state without activity for the last 15 days.