[BUG] KEY_USAGE_BIT_INCORRECT

[viskok-yuri]

async def req():
    from curl_cffi.requests import AsyncSession
    from curl_cffi.requests import BrowserType
    from curl_cffi import CurlOpt
    link = 'https://60.249.179.220/global-protect/login.esp'
    options = {
        CurlOpt.SSL_VERIFYHOST: 0,
        CurlOpt.SSL_VERIFYPEER: 0,

    }
    async with AsyncSession(impersonate=BrowserType.chrome,
                            curl_options=options,
                            # proxy="http://127.0.0.1:8080"
                            ) as session:
        response = await session.get(link)
        print(response.text)

asyncio.run(req())

curl_cffi.requests.errors.RequestsError: Failed to perform, curl: (35) BoringSSL: error:1000012e:SSL routines:OPENSSL_internal:KEY_USAGE_BIT_INCORRECT. See https://curl.se/libcurl/c/libcurl-errors.html first for more details.

[yifeikong]

It seems to be a certificate error, I'm getting the same ERR_SSL_KEY_USAGE_INCOMPATIBLE error in Chrome. See this question for more details.

[viskok-yuri]

It seems to be a certificate error, I'm getting the same ERR_SSL_KEY_USAGE_INCOMPATIBLE error in Chrome. See this question for more details.

how to fix this eerr in code? Create Boring cert? If use burp proxy and cert get 200 status

[yifeikong]

You have to wait for the server to update their certs, there is no way to bypass this check with the recent versions of BoringSSL, which both Chrome and curl_cffi are using.

You can downgrade curl_cffi to an older version with older version of BoringSSL, it may work.

[viskok-yuri]

You have to wait for the server to update their certs, there is no way to bypass this check with the recent versions of BoringSSL, which both Chrome and curl_cffi are using.

You can downgrade curl_cffi to an older version with older version of BoringSSL, it may work.

okay im try, write later. Thx!

[viskok-yuri]

You have to wait for the server to update their certs, there is no way to bypass this check with the recent versions of BoringSSL, which both Chrome and curl_cffi are using.

You can downgrade curl_cffi to an older version with older version of BoringSSL, it may work.

versions below do not have asynchrony

[viskok-yuri]

You have to wait for the server to update their certs, there is no way to bypass this check with the recent versions of BoringSSL, which both Chrome and curl_cffi are using.

You can downgrade curl_cffi to an older version with older version of BoringSSL, it may work.

hi fix this problem pls, im pay money

[yifeikong]

You have to wait for the server to update their certs, there is no way to bypass this check with the recent versions of BoringSSL, which both Chrome and curl_cffi are using.

You can downgrade curl_cffi to an older version with older version of BoringSSL, it may work.

As I mentioned earlier, this is not a feature I would normally implement, because it probably only matters for this particular site, which uses outdated cert format. However, if you want to sponsor this feature, you can find my contact on my GitHub homepage.

[viskok-yuri]

You have to wait for the server to update their certs, there is no way to bypass this check with the recent versions of BoringSSL, which both Chrome and curl_cffi are using. You can downgrade curl_cffi to an older version with older version of BoringSSL, it may work.

As I mentioned earlier, this is not a feature I would normally implement, because it probably only matters for this particular site, which uses outdated cert format. However, if you want to sponsor this feature, you can find my contact on my GitHub homepage.

im send message to email

[yifeikong]

Fixed in v0.7.0b6