curl SSL connect error – NSS error -5961

I got this error when I wanted to clone a git repo over HTTPS:

# git clone https://git.my.org/projects/test.git
Initialized empty Git repository in /tmp/test/.git/
error:  while accessing https://git.my.org/projects/test.git/info/refs

If I access the server with curl there’s error too:

# curl -v --insecure https://git.my.org
* About to connect() to git.my.org port 443 (#0)
*   Trying 192.168.4.97... connected
* Connected to git.my.org (192.168.4.97) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* NSS error -5961
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

That was a CentOS 6 box and it had not been updated for quite some time. The curl version:

# curl --version
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

I fixed it by updating nss lib and curl:

# yum update -y nss curl libcurl

Note that both nss and curl need to be updated. After the update:

# curl --version
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

Leave a Reply

Your email address will not be published. Required fields are marked *

Prove your intelligence before hitting * Time limit is exhausted. Please reload CAPTCHA.