curl-users
Re: GnuTLS recv error (-9): A TLS packet with unexpected length was received. - with Paypal Website Payment Pro
Date: Wed, 2 Feb 2011 23:29:22 +0100 (CET)
On Wed, 2 Feb 2011, Zachary Krebs wrote:
> "Several sites terminate the TLS connection without following the TLS
> protocol (i.e. sending closure alerts), but rather terminate the TCP
> connection directly. This is a relic of SSLv2 and it seems other
> implementations ignore this error. GnuTLS doesn't and thus prints this
> error. You could ignore it, but then you could not distinguish between a
> premature connection termination (i.e. by someone injecting a stray TCP
> termination packet) and normal termination."
>
> Could someone help me decipher how to go forward with this information, and
> does this relate to curl at all?
Again, you've not helped us repeat this problem in our ends so you're pretty
much left on your own to work with through.
You should figure out exactly when in the process it is you get this error,
and perhaps check if we should consider making (lib)curl ignore it, much in
line with what the other SSL libs seem to be doing. Or if perhaps there's
something GnuTLS can do to improve the situation.
I would also suggest that you try to upgrade to the most recent GnuTLS version
so that you know you're working with the latest code and fixes they've made.
It might be a good idea to work on this issue further with the GnuTLS guys as
they know these things in detail at the SSL/TLS level, while I do not.
It may also be that the server has a flawed SSL/TLS implementation (according
to GnuTLS) so there's actually a risk that nobody thinks a change is warranted
and that this error is in fact the only sensible outcome...
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-users FAQ: http://curl.haxx.se/docs/faq.html Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2011-02-02