I'm running curl using https on Juniper vSRX and it seems like it's not supported, although I have tried the latest Juniper version as well. As per Juniper it's supported; please let me know how I can enable it, if possible.
root@juniper-wc01-vsrx-vSRX-Node1:~ # curl https://www.keycdn.com
curl: (1) Protocol "https" not supported or disabled in libcurl
root@juniper-wc01-vsrx-vSRX-Node1> show version
The same command is working fine from my laptop.
SFAIZUL-M-CFN0:~ Shahid$ curl https://www.keycdn.com
<html lang="en" prefix="og: http://ogp.me/ns#">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="version" content="a36002f5685e2539952af5ff85c64abbb161d462">
<title>KeyCDN - Content delivery made easy</title>
SFAIZUL-M-CFN0:~ Shahid$ curl --version
curl 7.54.0 (x86_64-apple-darwin18.0) libcurl/7.54.0 LibreSSL/2.6.5 zlib/1.2.11 nghttp2/1.24.1
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy
Seems like libcurl on vSRX doesn't support SSL, although it's mentioned that it supports https. Any help would be highly appreciated.
Can you please let us know the versions you've tried? By any chance one of the ones with the fix for this PR https://prsearch.juniper.net/PR1430187 ?
I'm running this version, and from the link you shared it seems like it's fixed in 18.4R3. All we need is to use https, not http, with the curl command.
Not sure I get your reply:
1. I didn't say your issue is fixed in the PR I mentioned (although there is a chance) (but at least one issue ruled out)
2. You said "i have tried latest Juniper version as well". Which one was that?
Let me take my statement back. I tested on these versions: Junos 18.4R1-S1.3 and 15.1X49-D123.3. Could you please confirm if the issue is fixed/resolved in the releases mentioned in PR1430187?
I don't think the native CURL library of JunOS Shell supports https client mode. To leverage the curl extension libraries of libslax, you need to first call the libslax namespace ==> Refer to the document.
Again, I am not sure if calling the namespace inside the shell will help. Usually, it is a part of a SLAX script.
I didn't say PR1430187 has the fix for your issue. I'm merely zeroing in / process of elimination, hence I asked for your SW version(s).
Next question: Did you try a file copy https://... ?
Right now I am only looking for curl; if you can help, that will be great.
I think I understand what you're looking for and I'm trying to help as best as I can. Knowing whether https works from the CLI would help me understand a bit better what's missing (where).
Thanks a lot for looking into this. Let me know exactly what you want me to run.
Can you pretend to want to use the CLI for "curl https://www.keycdn.com"? So for example "file copy https://www.keycdn.com foo".
Is there any way we can check with Juniper support/development whether they support the https protocol in curl on Juniper vSRX, or whether they have any plans for future releases? Installing SLAX will be more complicated, as other vendors are providing this https support in curl natively.
The curl utility (the one started on the so-called Unix shell) in Junos for SRX devices seems to be compiled without SSL/TLS support and is statically linked:
root@srx% ldd /usr/bin/curl
libgcc.so.1 => /usr/lib/libgcc.so.1 (0x28559000)
libc.so.6 => /usr/lib/libc.so.6 (0x285a8000)
root@srx%
root@srx% curl -V
curl 7.43.0 (JUNOS) libcurl/7.43.0
Protocols: dict file ftp gopher http imap pop3 rtsp smtp telnet tftp
Features: IPv6 Largefile UnixSockets
root@srx%
Libcurl, mentioned in the libslax curl extension library documentation, is used by cscript (the program which runs the op/event/commit scripts written in SLAX):
root@srx% ldd /usr/libexec/ui/cscript | grep curl
libcurl-nossl.so.1 => /usr/lib/libcurl-nossl.so.1 (0x28c65000)
libext_curl.so.3 => /usr/lib/libext_curl.so.3 (0x28d80000)
As seen above, there are two curl libraries. As the name suggests and analysis with a hex editor confirms, the first one is compiled without SSL/TLS support and the second one is with SSL/TLS support. However, at least in Junos 18.2R3.4 on an SRX device, cscript seems to load curl-related functions from the libcurl-nossl.so.1 library. For example, one can confirm this by using the first example on the libslax curl extension library documentation page, adding a sleep() before the curl call and attaching to the cscript process with gdb. All the curl-related functions seem to be from the libcurl-nossl.so.1 address space:
(gdb) info functions ^Curl
All functions matching regular expression "^Curl":
/* output removed for brevity */
(gdb) info sharedlibrary
From To Syms Read Shared Object Library
0x2852c550 0x28567880 Yes /usr/lib//libxslt.so.3
0x285cac40 0x286dbb50 Yes /usr/lib//libxml2.so.3
0x28749b90 0x28775ce0 Yes /usr/lib//libslax.so.3
0x287d2860 0x287fca10 Yes /usr/lib//libncurses.so.6
0x28850c30 0x28869750 Yes /usr/lib//libedit.so.7
0x288b2350 0x288bd860 Yes /usr/lib//libz.so.3
0x28904420 0x289178d0 Yes /usr/lib//libmd.so.3
0x2895c1e0 0x28985e40 Yes /usr/lib//libm.so.4
0x289dfdf0 0x28a96530 Yes /usr/lib//libddl-access.so.1
0x28af8750 0x28b00360 Yes /usr/lib//libjunoscript.so.1
0x28b48f70 0x28b511f0 Yes /usr/lib//libmemory.so.1
0x28b94d10 0x28b971b0 Yes /usr/lib//libjunos-string.so.1
0x28bdaa80 0x28bdc190 Yes /usr/lib//libjunos-patricia.so.1
0x28c1f330 0x28c21b40 Yes /usr/lib//libjunos-time.so.1
0x28c6a8b0 0x28caf770 Yes /usr/lib//libcurl-nossl.so.1
0x28cfa7a0 0x28cfadf0 Yes /usr/lib//libjunos-util.so.1
0x28d3cbb0 0x28d3e240 Yes /usr/lib//libext_bit.so.3
0x28d81150 0x28d86260 Yes /usr/lib//libext_curl.so.3
0x28dc8680 0x28dc88a0 Yes /usr/lib//libext_exslt.so.3
0x28e0b0f0 0x28e0c8b0 Yes /usr/lib//libext_os.so.3
0x28e4ed10 0x28e50430 Yes /usr/lib//libext_xutil.so.3
0x28e92880 0x28e93820 Yes /usr/lib//libpvidb.so.1
0x28ed73c0 0x28edf6e0 Yes /usr/lib//libutil.so.5
0x28f246d0 0x28f2f220 Yes /usr/lib//libgcc.so.1
0x28f90260 0x29067770 Yes /usr/lib//libc.so.6
0x29128d90 0x2912a860 Yes /usr/lib//nss_sdk.so.1
0x2916cff0 0x2916eab0 Yes /usr/lib//libprovider.so.1
0x284a84c0 0x284d6170 Yes /usr/libexec/ld-elf.so.1
Also, variables like Curl_handler_https are missing. In short, HTTPS does not seem to be supported even in SLAX scripts on SRX devices.
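The comparison this thread makes by eye between the two `curl -V` outputs, written as a reusable check. This is an added example, not part of the original posts or of any Juniper tooling; the function names are hypothetical and the two samples are constructed from the outputs quoted above.

```shell
#!/bin/sh
# Constructed samples, copied from the two `curl -V` outputs quoted in this thread.
sample_junos() {
cat <<'EOF'
curl 7.43.0 (JUNOS) libcurl/7.43.0
Protocols: dict file ftp gopher http imap pop3 rtsp smtp telnet tftp
Features: IPv6 Largefile UnixSockets
EOF
}
sample_laptop() {
cat <<'EOF'
curl 7.54.0 (x86_64-apple-darwin18.0) libcurl/7.54.0 LibreSSL/2.6.5 zlib/1.2.11 nghttp2/1.24.1
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy
EOF
}

# Read `curl -V` text on stdin; print "https=<yes|no> ssl=<yes|no> backend=<lib|none>".
curl_tls_report() {
    awk '
        BEGIN { https = "no"; ssl = "no"; backend = "none" }
        # Line 1 names the linked libraries; pick out a TLS library if one is listed.
        NR == 1 {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(OpenSSL|LibreSSL|BoringSSL|GnuTLS|NSS|mbedTLS|wolfSSL)\//)
                    backend = $i
        }
        # Exact token match, so "HTTPS-proxy" or "ftps" never counts as https/SSL.
        /^Protocols:/ { for (i = 2; i <= NF; i++) if ($i == "https") https = "yes" }
        /^Features:/  { for (i = 2; i <= NF; i++) if ($i == "SSL")   ssl = "yes" }
        END { printf "https=%s ssl=%s backend=%s\n", https, ssl, backend }
    '
}

# Exit status 0 only when the build both lists https and has the SSL feature.
curl_supports_https() {
    curl_tls_report | grep -q '^https=yes ssl=yes '
}

# Run both constructed samples through the report.
for s in sample_junos sample_laptop; do
    printf '%s: %s\n' "$s" "$("$s" | curl_tls_report)"
done
# On a live system: curl -V | curl_tls_report
```

A build that reports `https=no ssl=no backend=none` cannot be switched to HTTPS with a command-line option; the protocol handler is absent from the binary.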