Troubleshooting curl

atlas · February 7, 2023, 2:02am

Hi. I am a newcomer so let me know if I am posting incorrectly. Background is that I am trying to get the Wazuh, Elasticsearch and Kibana working on a non-supported OS(according to Wazuh).

System is - Linux fedora 6.1.7-200.fc37.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Jan 18 17:11:49 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux.

When trying to curl to https I get an error message but if I used http instead it works fine.

[root@fedora /]# curl -XGET https://localhost:9200 -u elastic:tXXXXXXXXXXXXXXu -k
*curl: (35) error:0A00010B:SSL routines::wrong version number*

Curl version

Name         : curl
Version      : 7.85.0
Release      : 5.fc37
Architecture : x86_64
Size         : 695 k
Source       : curl-7.85.0-5.fc37.src.rpm
Repository   : @System
From repo    : updates
Summary      : A utility for getting files from remote servers (FTP, HTTP, and others)
URL          : https://curl.se/
License      : MIT
Description  : curl is a command line tool for transferring data with URL syntax, supporting
             : FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
             : SMTP, POP3 and RTSP.  curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
             : uploading, HTTP form based upload, proxies, cookies, user+password
             : authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
             : resume, proxy tunneling and a busload of other useful tricks

Two questions.

Would it possibly be related to - Github Issue #9931.
How do I troubleshoot this issue, are there specific logs that I could look at?
Thanks.

augenauf · February 7, 2023, 9:13am

Did you setup a self-signed cert for localhost?
Reading https://reqbin.com/req/c-lfozgltr/curl-https-request, you can see that you can add -k or --insecure to bypass the cert check.

Or you make use of -E and specify the relevant cert file, i.e. curl -E cerfile.crt https://reqbin.com/echo

As a general hint, please post command line output as “Preformatted Text” - I will edit your post to show you how it looks like. It improves readability by a lot.

If you are referring to github issues, it would be good to present them with a link.

Use --verbose
https://curl.se/docs/manpage.html#-v

vgaetera · February 7, 2023, 1:48pm

Services generally require explicit configuration to enable TLS/SSL.
If not configured, TLS/SSL is typically disabled by default.
Make sure the service configuration matches Fedora crypto-policy:
Changes/StrongCryptoSettings2 - Fedora Project Wiki