HTTP GET using cURL is giving SSL error

aniztar · May 29, 2018 · Viewed 7.3k times

I have written a REST server which listens on port 8000. I am trying to invoke the API from the same machine using the cURL command:

curl -H "accept: application/json" https://localhost:8000/status -v

I am getting the following error

* About to connect() to localhost port 8000 (#0)
*   Trying ::1...
* Connected to localhost (::1) port 8000 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
* SSL received a record that exceeded the maximum permissible length.
* Closing connection 0
curl: (35) SSL received a record that exceeded the maximum permissible length.

I have tried bypassing the certificate verification using the -k option but to no avail. What am I missing here? Please comment if any more info is required.

EDIT: My friend suggested to try with only http in the cURL command. Then it bypassed SSL check and it worked. But what's going wrong with https? Do I need to install certificate for localhost also? Also, why didn't -k option work?

Answer

Steffen Ullrich · May 29, 2018

My friend suggested to try with only http in the cURL command. Then it bypassed SSL check and it worked.

It looks like your server does not have SSL enabled at all. That's why HTTP worked and HTTPS did not. Using HTTP did not bypass any SSL check because there is no SSL with HTTP and thus no SSL check to bypass.

Also, why didn't -k option work?

The -k option is used to skip certificate validation on SSL (HTTPS) connections. But it can only work if there is an SSL connection in the first place. Since your server does not support SSL at all, -k will not help.

Do I need to install certificate for localhost also?

You need to first enable SSL on your (unknown) server. If you coded your own server then this means additional coding. And, once the server can do SSL at all, you also need to set up a certificate which the server can provide to the client.
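
An added example, not part of the answer above: it shows why a TLS client reports "record too long" when a plaintext HTTP server replies, by reading the first five reply bytes as a TLS record header. It assumes the server answered with an ordinary HTTP response (the page does not show the bytes); `classify_first_bytes`, `probe` and the sample byte strings are constructed for illustration.

```python
import socket
import struct

# TLS record header: content type (1 byte), protocol version (2), length (2).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
MAX_TLS_RECORD = 2**14 + 2048  # largest ciphertext record length in TLS 1.2


def classify_first_bytes(data: bytes) -> dict:
    """Interpret the first bytes a server sent the way a TLS client would."""
    if len(data) < 5:
        return {"verdict": "too-short"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    result = {"content_type": ctype, "version": (major, minor), "length": length}
    if ctype in TLS_CONTENT_TYPES and major == 3 and length <= MAX_TLS_RECORD:
        result["verdict"] = "tls"
    elif data.startswith(b"HTTP/"):
        # Plaintext reply: 'P' and '/' (0x50 0x2F) land in the length field.
        result["verdict"] = "plaintext-http"
        result["record_too_long"] = length > MAX_TLS_RECORD
    else:
        result["verdict"] = "unknown"
    return result


def probe(host: str, port: int, timeout: float = 3.0) -> dict:
    """Send a plain HTTP request to your own server and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        return classify_first_bytes(sock.recv(16))


# Constructed samples: a plaintext HTTP reply and a TLS alert record.
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\n"
SAMPLE_TLS_ALERT = bytes([21, 3, 3, 0, 2, 2, 70])

if __name__ == "__main__":
    print(classify_first_bytes(SAMPLE_HTTP))
    print(classify_first_bytes(SAMPLE_TLS_ALERT))
```

Because the failure happens while parsing the record header, before any certificate is exchanged, there is nothing for -k to skip.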