cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: A couple curl fixes/changes

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 8 Feb 2007 12:43:47 +0100 (CET)

On Wed, 7 Feb 2007, Robert A. Seace wrote:

> In trying to get curl 7.16.1 working on QNX4, I ran into an issue with
> the libssh2 support... Namely, it fails to seed the SSL PRNG for
> "scp:"/"sftp:" URLs (as it properly does for "https:"/"ftps:")... On
> systems where OpenSSL handles the seeding itself, that's no problem, but on
> QNX it can't do so, because there's no "/dev/random" or other suitable
> source of randomness... So, the manual seeding is necessary... All that's
> required to fix the problem is adding a "Curl_ossl_seed(data);" call near
> the start of Curl_ssh_connect()...

Sorry, but this fix belongs to libssh2 and not in curl. Starting with the next
libssh2 release, it won't even always use OpenSSL so we shouldn't make such
assumptions in the curl code.

> But, I was able to modify libcurl to work around the problem easily enough
> by simply ignoring that bogus 200 response in ftp_state_get_resp(), and
> calling "ftp_respinit(conn);" to reset things to read the proper response...
> This is such a wacky thing, I'm not sure if you want to incorporate the
> behavior into the standard curl distro, but it probably couldn't hurt...

I agree that this ignoring shouldn't hurt any sensibly working server, but
then again it isn't needed for any such either since getting a 200 at that
point is a protocol error to libcurl.

I think ignoring 200 at that point only risk libcurl to not detect protocol
errors properly on servers that are supposed to be fine. Therefore I'm leaning
towards not applying this particular fix.

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2007-02-08