curl: (52) Empty reply from server

cjxzjcxzjz

New Member
Joined
Mar 24, 2020
Messages
11
Reaction score
2
Credits
102
OS: Raspbian lite 10 (Buster). Also tried latest Ubuntu desktop.

I'm dealing with an issue that drives me nuts. I have this IP cam which I'm able to control with http Get commands (specifically through https). The problem is, I can't seem to integrate these commands with Curl or Wget because of errors. I've already used the -k option in Curl and the --no-check-certificate in Wget but it doesn't make a difference. I've also tried manually uninstalling Curl and manually compiling and reinstalling Curl to its latest version but that doesn't make a difference either. Whenever I enter the exact Get command (without the Curl part) in a browser on my Windows box and let the browser ignore the certificate error (DLG_FLAGS_SEC_CERT_CN_INVALID), the command works perfectly fine. Connecting with Curl and Wget on the non-https ports does work but I want to use the https port. Does anyone know how to fix this?

edit: also tried passing --http1.1 or --tlsv1.1 or --tlsv1.2 to Curl and although those get accepted as parameter, it doesn't make a difference.

Here's the Curl and Wget output:
Code:
sudo curl -kv "https://10.0.0.1:443/cgi-bin/command.cgi?usr=exampleuser&pwd=examplepassword&cmd=wake"
* Expire in 0 ms for 6 (transfer 0x33f508)
*   Trying 10.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x33f508)
* Connected to 10.0.0.1 (10.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=CN; ST=example; L=example; O=exampleorg, Ltd.; CN=*.example.org
*  start date: Apr  8 06:23:21 2020 GMT
*  expire date: Jun  8 06:23:21 2021 GMT
*  issuer: C=CN; O=Example CA Limited; CN=Example OV SSL CA
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /cgi-bin/command.cgi?usr=exampleuser&pwd=examplepassword&cmd=wake HTTP/1.1
> Host: 10.0.0.1:443
> User-Agent: curl/7.73.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.3 (IN), TLS alert, close notify (256):
* Empty reply from server
* Connection #0 to host 10.0.0.1 left intact
curl: (52) Empty reply from server

Code:
sudo wget --no-check-certificate "https://10.0.0.1:443/cgi-bin/command.cgi?usr=exampleuser&pwd=examplepassword&cmd=wake"
--2020-10-29 00:20:48--  https://10.0.0.1:443/cgi-bin/command.cgi?usr=exampleuser&pwd=examplepassword&cmd=wake
Connecting to 10.0.0.1:443... connected.
WARNING: The certificate of ‘10.0.0.1:443’ is not trusted.
WARNING: The certificate of ‘10.0.0.1:443’ doesn't have a known issuer.
The certificate's owner does not match hostname ‘10.0.0.1:443’
HTTP request sent, awaiting response... Read error (The request is invalid.) in headers.
Retrying.
 
Last edited:


wizardfromoz

Administrator
Staff member
Gold Supporter
Joined
Apr 30, 2017
Messages
8,118
Reaction score
6,999
Credits
31,260
OP
C

cjxzjcxzjz

New Member
Joined
Mar 24, 2020
Messages
11
Reaction score
2
Credits
102

f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
5,306
Reaction score
3,924
Credits
38,697
Try to find out which SSL and TLS versions the ip cam supports.
Code:
* ALPN, server did not agree to a protocol
Makes me think that they can't communicate correctly because of curl not supporting whatever the server(ip cam) supports. I would look somewhere in that direction.
 
Last edited:

Rob

Administrator
Staff member
Joined
Oct 27, 2011
Messages
932
Reaction score
1,809
Credits
1,241
Actually, it looks like your --no-check-certificate is working. The mismatch issue is listed as a 'Warning'. The real error is
HTTP request sent, awaiting response... Read error (The request is invalid.) in headers. Retrying.

Is there a simpler command you can send to test it?
 
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Linux.org Hosting Donations
Consider making a donation

Staff online

Members online


Top