Why when i curl https://api.twitter.com/oauth/request_token21 , get NSS error -12263

oauth

#1

at same machine test. i can get right result from twitter. why?
first ,i get from twitter.
curl https://api.twitter.com/oauth/request_token21 -v

  • About to connect() to api.twitter.com port 443 (#0)
  • Trying 104.244.42.2… connected
  • Connected to api.twitter.com (104.244.42.2) port 443 (#0)
  • Initializing NSS with certpath: sql:/etc/pki/nssdb
  • CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
  • NSS error -12263
  • Closing connection #0
  • SSL connect error

then i get from google, can get right response.
curl -v https://encrypted.google.com

  • Trying 216.58.200.174… connected
  • Connected to encrypted.google.com (216.58.200.174) port 443 (#0)
  • Initializing NSS with certpath: sql:/etc/pki/nssdb
  • CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
  • SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
  • Server certificate:
  •   subject: CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US
    
  •   start date: Aug 24 10:19:50 2016 GMT
    
  •   expire date: Nov 16 10:10:00 2016 GMT
    
  •   common name: *.google.com
    
  •   issuer: CN=Google Internet Authority G2,O=Google Inc,C=US
    

GET / HTTP/1.1
User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Host: encrypted.google.com
Accept: /

< HTTP/1.1 200 OK


/oauth/request_token sporadically not returning a request token?
#2

I’m using curl 7.43 on OS X and this works correctly (although the API response is invalid request, which is as expected) - note that Twitter does not support SSLv3 or weaker, and requires at least TLS. I suggest you look at your certificate configuration.

$ curl https://api.twitter.com/oauth/request_token -v
*   Trying 104.244.42.2...
* Connected to api.twitter.com (104.244.42.2) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: api.twitter.com
* Server certificate: DigiCert SHA2 High Assurance Server CA
* Server certificate: DigiCert High Assurance EV Root CA
> GET /oauth/request_token HTTP/1.1
> Host: api.twitter.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
< content-disposition: attachment; filename=json.json
< content-length: 62
< content-type: application/json; charset=utf-8
< date: Fri, 02 Sep 2016 12:47:15 GMT
< expires: Tue, 31 Mar 1981 05:00:00 GMT
< last-modified: Fri, 02 Sep 2016 12:47:15 GMT
< pragma: no-cache
< server: tsa_f
< set-cookie: guest_id=v1%3A147282043546846296; Domain=.twitter.com; Path=/; Expires=Sun, 02-Sep-2018 12:47:15 UTC
< status: 400 Bad Request
< strict-transport-security: max-age=631138519
< x-connection-hash: 050899943071408b0c1d2a3f6c6bccfd
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-response-time: 100
< x-transaction: 00b4a8870065b681
< x-twitter-response-tags: BouncerCompliant
< x-xss-protection: 1; mode=block
<
* Connection #0 to host api.twitter.com left intact
{"errors":[{"code":215,"message":"Bad Authentication data."}]}%