cjxzjcxzjz
New Member
OS: Raspbian lite 10 (Buster). Also tried latest Ubuntu desktop.
I'm dealing with an issue that drives me nuts. I have this IP cam which I'm able to control with http Get commands (specifically through https). The problem is, I can't seem to integrate these commands with Curl or Wget because of errors. I've already used the -k option in Curl and the --no-check-certificate in Wget but it doesn't make a difference. I've also tried manually uninstalling Curl and manually compiling and reinstalling Curl to its latest version but that doesn't make a difference either. Whenever I enter the exact Get command (without the Curl part) in a browser on my Windows box and let the browser ignore the certificate error (DLG_FLAGS_SEC_CERT_CN_INVALID), the command works perfectly fine. Connecting with Curl and Wget on the non-https ports does work but I want to use the https port. Does anyone know how to fix this?
edit: also tried passing --http1.1 or --tlsv1.1 or --tlsv1.2 to Curl and although those get accepted as parameter, it doesn't make a difference.
Here's the Curl and Wget output:
I'm dealing with an issue that drives me nuts. I have this IP cam which I'm able to control with http Get commands (specifically through https). The problem is, I can't seem to integrate these commands with Curl or Wget because of errors. I've already used the -k option in Curl and the --no-check-certificate in Wget but it doesn't make a difference. I've also tried manually uninstalling Curl and manually compiling and reinstalling Curl to its latest version but that doesn't make a difference either. Whenever I enter the exact Get command (without the Curl part) in a browser on my Windows box and let the browser ignore the certificate error (DLG_FLAGS_SEC_CERT_CN_INVALID), the command works perfectly fine. Connecting with Curl and Wget on the non-https ports does work but I want to use the https port. Does anyone know how to fix this?
edit: also tried passing --http1.1 or --tlsv1.1 or --tlsv1.2 to Curl and although those get accepted as parameter, it doesn't make a difference.
Here's the Curl and Wget output:
Code:
sudo curl -kv "https://10.0.0.1:443/cgi-bin/command.cgi?usr=exampleuser&pwd=examplepassword&cmd=wake"
* Expire in 0 ms for 6 (transfer 0x33f508)
* Trying 10.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x33f508)
* Connected to 10.0.0.1 (10.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=CN; ST=example; L=example; O=exampleorg, Ltd.; CN=*.example.org
* start date: Apr 8 06:23:21 2020 GMT
* expire date: Jun 8 06:23:21 2021 GMT
* issuer: C=CN; O=Example CA Limited; CN=Example OV SSL CA
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /cgi-bin/command.cgi?usr=exampleuser&pwd=examplepassword&cmd=wake HTTP/1.1
> Host: 10.0.0.1:443
> User-Agent: curl/7.73.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.3 (IN), TLS alert, close notify (256):
* Empty reply from server
* Connection #0 to host 10.0.0.1 left intact
curl: (52) Empty reply from server
Code:
sudo wget --no-check-certificate "https://10.0.0.1:443/cgi-bin/command.cgi?usr=exampleuser&pwd=examplepassword&cmd=wake"
--2020-10-29 00:20:48-- https://10.0.0.1:443/cgi-bin/command.cgi?usr=exampleuser&pwd=examplepassword&cmd=wake
Connecting to 10.0.0.1:443... connected.
WARNING: The certificate of ‘10.0.0.1:443’ is not trusted.
WARNING: The certificate of ‘10.0.0.1:443’ doesn't have a known issuer.
The certificate's owner does not match hostname ‘10.0.0.1:443’
HTTP request sent, awaiting response... Read error (The request is invalid.) in headers.
Retrying.
Last edited: