curl: (52) Empty reply from server

cjxzjcxzjz

New Member
Credits
26
OS: Raspbian lite 10 (Buster). Also tried latest Ubuntu desktop.

I'm dealing with an issue that drives me nuts. I have this IP cam which I'm able to control with http Get commands (specifically through https). The problem is, I can't seem to integrate these commands with Curl or Wget because of errors. I've already used the -k option in Curl and the --no-check-certificate in Wget but it doesn't make a difference. I've also tried manually uninstalling Curl and manually compiling and reinstalling Curl to its latest version but that doesn't make a difference either. Whenever I enter the exact Get command (without the Curl part) in a browser on my Windows box and let the browser ignore the certificate error (DLG_FLAGS_SEC_CERT_CN_INVALID), the command works perfectly fine. Connecting with Curl and Wget on the non-https ports does work but I want to use the https port. Does anyone know how to fix this?

edit: also tried passing --http1.1 or --tlsv1.1 or --tlsv1.2 to Curl and although those get accepted as parameter, it doesn't make a difference.

Here's the Curl and Wget output:
Code:
sudo curl -kv "https://10.0.0.1:443/cgi-bin/command.cgi?usr=exampleuser&pwd=examplepassword&cmd=wake"
* Expire in 0 ms for 6 (transfer 0x33f508)
*   Trying 10.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x33f508)
* Connected to 10.0.0.1 (10.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=CN; ST=example; L=example; O=exampleorg, Ltd.; CN=*.example.org
*  start date: Apr  8 06:23:21 2020 GMT
*  expire date: Jun  8 06:23:21 2021 GMT
*  issuer: C=CN; O=Example CA Limited; CN=Example OV SSL CA
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /cgi-bin/command.cgi?usr=exampleuser&pwd=examplepassword&cmd=wake HTTP/1.1
> Host: 10.0.0.1:443
> User-Agent: curl/7.73.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.3 (IN), TLS alert, close notify (256):
* Empty reply from server
* Connection #0 to host 10.0.0.1 left intact
curl: (52) Empty reply from server
Code:
sudo wget --no-check-certificate "https://10.0.0.1:443/cgi-bin/command.cgi?usr=exampleuser&pwd=examplepassword&cmd=wake"
--2020-10-29 00:20:48--  https://10.0.0.1:443/cgi-bin/command.cgi?usr=exampleuser&pwd=examplepassword&cmd=wake
Connecting to 10.0.0.1:443... connected.
WARNING: The certificate of ‘10.0.0.1:443’ is not trusted.
WARNING: The certificate of ‘10.0.0.1:443’ doesn't have a known issuer.
The certificate's owner does not match hostname ‘10.0.0.1:443’
HTTP request sent, awaiting response... Read error (The request is invalid.) in headers.
Retrying.
 
Last edited:


wizardfromoz

Super Moderator
Staff member
Gold Supporter
Credits
7,608

f33dm3bits

Gold Member
Gold Supporter
Credits
7,673
Try to find out which SSL and TLS versions the ip cam supports.
Code:
* ALPN, server did not agree to a protocol
Makes me think that they can't communicate correctly because of curl not supporting whatever the server(ip cam) supports. I would look somewhere in that direction.
 
Last edited:

Rob

Administrator
Staff member
Credits
129
Actually, it looks like your --no-check-certificate is working. The mismatch issue is listed as a 'Warning'. The real error is
HTTP request sent, awaiting response... Read error (The request is invalid.) in headers.
Retrying.


Is there a simpler command you can send to test it?
 


Members online


Latest posts

Top