Forum Discussion
A problem when download OneNote file using OneDrive api by curl
Thanks for the reply.
In our case, the curl error of download only occurs on a few onenote files. Other onenote files still can be downloaded. Also for the onenote files that are failed to download by OneDrive graph api, can still get the metadata of files by OneDrive graph api.
If there is a lack of TLS 1.2 support on Linux clients, then all onenote files should be unable to download, I suppose?
Also thanks for your answer about the second question. We would consider to use OneNote api.
In your case, you mentioned that the curl error of download only occurs on a few OneNote files, while other OneNote files can still be downloaded. Additionally, you mentioned that for the OneNote files that failed to download by OneDrive Graph API, you can still get the metadata of the file by OneDrive Graph API.
Regarding your question about whether there is a lack of TLS 1.2 support on Linux clients, it is not necessarily true that all OneNote files should be unable to download if there is a lack of TLS 1.2 support on Linux clients. The reason is that the TLS version used for communication between the client and server depends on the server’s configuration and the client’s capabilities. If the server supports TLS 1.2 and the client does not, then the communication will fail. However, if the server supports an earlier version of TLS that the client supports, then communication will still be possible.
If you are experiencing issues with downloading OneNote files using OneDrive Graph API, it might be helpful to check if your Linux client supports TLS 1.2 and if it is enabled. You can use OpenSSL to check if your Linux client supports TLS 1.2 by running openssl s_client -connect <server>:<port> -tls1_2. If your client does not support TLS 1.2, you can try enabling it by following the instructions provided by your Linux distribution or OpenSSL documentation.
If I have answered your question, please mark your post as Solved If you like my response, please give it a Like Appreciate your Kudos! Proud to contribute! 🙂 |
Deleted
Thanks again for your reply.
I test whether my linux client supports TLS1.2.
I use the sharepoint domain where curl error occurs, as the testing server.
Look like TLS1.2 is supported.
Is anything else I could check with ?
```
openssl s_client -connect <mydomain>-my.sharepoint.com:443 -tls1_2
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = http://www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 04
verify return:1
depth=0 C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = *.sharepoint.com
verify return:1
---
Certificate chain
0 s:C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = *.sharepoint.com
i:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 04
1 s:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 04
i:C = US, O = DigiCert Inc, OU = http://www.digicert.com, CN = DigiCert Global Root G2
---
...
Start Time: 1697679839
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
read:errno=0
```From the output you’ve shared, it seems like your Linux client does indeed support TLS 1.2 and is able to establish a secure connection with the SharePoint server. The Verify return code: 0 (ok) indicates that the SSL certificate verification was successful.
Here are a few more things you could check:
1.Cipher Suite: You can check which cipher suite is being used for the connection. This can be done by adding -cipher 'DEFAULT:@SECLEVEL=1' to your openssl command.
2.HTTP Response: You can also check the HTTP response from the server by sending a HTTP request after the SSL handshake. After running the openssl s_client command, you can type GET / HTTP/1.1 followed by Host: <yourdomain>.sharepoint.com and then two enters.
3.Certificate Expiration: Check if the certificate is expired or not. You can do this by looking at the ‘Not After’ field in your output.
4.Firewall Rules: Ensure that there are no firewall rules that might be blocking your connection to the SharePoint server.
5.Network Issues: Check for any network issues that might be preventing you from connecting to the server.
Remember to replace <yourdomain> with your actual domain.
In conclusion :
Since you have successfully tested whether your Linux client supports TLS1.2 by connecting to the SharePoint domain where the curl error occurs. The output of the openssl s_client command indicates that the connection was successful and that TLS1.2 is supported.
If you want to check whether your Linux client supports other versions of TLS, you can replace -tls1_2 with -tls1, -tls1_1, or -tls1_3 in the openssl s_client command.
If I have answered your question, please mark your post as Solved
If you like my response, please give it a Like
Appreciate your Kudos! Proud to contribute! 🙂