curl / Mailing Lists / curl-users / Single Mail

curl-users

FW: Intermittent curl error code 35 - SSL Protocol error

From: Kulcyk, JoAnn <JKulcyk2_at_glhec.org>
Date: Tue, 6 Dec 2016 20:02:15 +0000

I have coded a curl command in a z/OS REXX EXEC to send data from the mainframe to a CentOS 5 server running Zenoss. It works 99% of the time, but occasionally I get an error code 35, SSL Protocol error. I have captured traces of both good and bad executions of the command and I can see where the bad one fails, but I am still not sure why it is failing. Can anyone help? I have scrubbed the trace data of server names, IP addresses, certificate info, … in order to post it. I think I have left enough to be useful. Thanks!

Trace of error:

Curl Return Code: 35

Zenoss POST (curl) stdout:

== Info: IDN support not present, can't parse Unicode domains == Info: About to connect() to SERVER port 443 (#0)
== Info: Trying IPADDR...
== Info: connected
== Info: Connected to SERVER (IPADDR) port 443 (#0) == Info: SSLv3, TLS handshake, Client hello (1):
=> Send SSL data, 339 bytes (0x153)

Data omitted

== Info: SSLv3, TLS handshake, Server hello (2):
<= Recv SSL data, 81 bytes (0x51)

Data omitted

== Info: SSLv3, TLS handshake, CERT (11):
<= Recv SSL data, 2052 bytes (0x804)

Data omitted

== Info: SSLv3, TLS handshake, Server key exchange (12):
<= Recv SSL data, 525 bytes (0x20d)

Data omitted

== Info: SSLv3, TLS handshake, Server finished (14):
<= Recv SSL data, 4 bytes (0x4)
0000: ....
== Info: SSLv3, TLS handshake, Client key exchange (16):
=> Send SSL data, 134 bytes (0x86)

Data omitted

== Info: SSLv3, TLS change cipher, Client hello (1):
=> Send SSL data, 1 bytes (0x1)
0000: .
== Info: SSLv3, TLS handshake, Finished (20):
=> Send SSL data, 16 bytes (0x10)
0000: .....S... ....0.
== Info: Unknown SSL protocol error in connection to SERVER:port == Info: Closing connection #0


Zenoss POST (curl) stderr:

Warning: --trace-ascii overrides an earlier trace/verbose option
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed

  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (35) Unknown SSL protocol error in connection to SERVER:port



Trace of good curl execution:

reply_stdin.1= == Info: IDN support not present, can't parse Unicode domains
reply_stdin.2= == Info: About to connect() to SERVER port 443 (#0)
reply_stdin.3= == Info: Trying IPADDR ...
reply_stdin.4= == Info: connected
reply_stdin.5= == Info: Connected to SERVER (IPADDR) port 443 (#0)
reply_stdin.6= == Info: SSLv3, TLS handshake, Client hello (1):
reply_stdin.7= => Send SSL data, 342 bytes (0x156)
reply_stdin.8 – 13: data omitted

reply_stdin.14= == Info: SSLv3, TLS handshake, Server hello (2):
reply_stdin.15= <= Recv SSL data, 81 bytes (0x51)
reply_stdin.16 – 17: data omitted

reply_stdin.18= == Info: SSLv3, TLS handshake, CERT (11):
reply_stdin.19= <= Recv SSL data, 2027 bytes (0x7eb)

reply_stdin.20 - 62 = 0000: data omitted
reply_stdin.63= == Info: SSLv3, TLS handshake, Server finished (14):
reply_stdin.64= <= Recv SSL data, 4 bytes (0x4)
reply_stdin.65= 0000: ....
reply_stdin.66= == Info: SSLv3, TLS handshake, Client key exchange (16):
reply_stdin.67= => Send SSL data, 134 bytes (0x86)
reply_stdin.68 – 70 = 0000: data omitted

reply_stdin.71= == Info: SSLv3, TLS change cipher, Client hello (1):
reply_stdin.72= => Send SSL data, 1 bytes (0x1)
reply_stdin.73= 0000: .
reply_stdin.74= == Info: SSLv3, TLS handshake, Finished (20):
reply_stdin.75= => Send SSL data, 16 bytes (0x10)
reply_stdin.76= 0000: .....&C....j9. .
reply_stdin.77= == Info: SSLv3, TLS change cipher, Client hello (1):
reply_stdin.78= <= Recv SSL data, 1 bytes (0x1)
reply_stdin.79= 0000: .
reply_stdin.80= == Info: SSLv3, TLS handshake, Finished (20):
reply_stdin.81= <= Recv SSL data, 16 bytes (0x10)
reply_stdin.82= 0000: ......Z.....v.(1
reply_stdin.83= == Info: SSL connection using DHE-RSA-AES256-SHA
reply_stdin.84 – 89 = == Info: Server certificate: omitted
reply_stdin.90= == Info: SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
reply_stdin.91= == Info: Server auth using Basic with user 'MainframeREST'
reply_stdin.92= => Send header, 220 bytes (0xdc)
reply_stdin.93 – 100 data omitted

reply_stdin.101= => Send data, 475 bytes (0x1db)
reply_stdin.102 – 109 = 0000: data omitted

reply_stdin.110= == Info: upload completely sent off: 475 out of 475 bytes
reply_stdin.111= <= Recv header, 17 bytes (0x11)
reply_stdin.112= 0000: HTTP/1.1 200 OK
reply_stdin.113= <= Recv header, 37 bytes (0x25)
reply_stdin.114= 0000: Date: Thu, 06 Oct 2016 21:41:48 GMT
reply_stdin.115= <= Recv header, 58 bytes (0x3a)
reply_stdin.116= 0000: Server: Zope/(2.13.13, python 2.7.2, linux2) ZServer/1.1
reply_stdin.117= <= Recv header, 21 bytes (0x15)
reply_stdin.118= 0000: Content-Length: 175
reply_stdin.119= <= Recv header, 32 bytes (0x20)
reply_stdin.120= 0000: Content-Type: application/json
reply_stdin.121= <= Recv header, 66 bytes (0x42)
reply_stdin.122= 0000: Set-Cookie: _ZopeId="50762386A7pslc.U4N0"; Path=/zport; HTTPOnly
reply_stdin.123= 0040:
reply_stdin.124= <= Recv header, 19 bytes (0x13)
reply_stdin.125= 0000: Connection: close
reply_stdin.126= <= Recv header, 2 bytes (0x2)
reply_stdin.127= 0000:
reply_stdin.128= <= Recv data, 175 bytes (0xaf)
reply_stdin.129 – 131 = 0000: data omitted
reply_stdin.132= #‚ÍÍÑÀ‚š€‚ÀÄÓ˜ÃÁÄÀ”™™”Õ•/Á”
________________________________
Á“”/™ÀÁÄ/˜‘‚Œ€‚/ÄÈÑ?>‚š€‚áÎÁ>ÈËê?ÍÈÁÊ‚Œ€‚ÊÁËÍ%È‚š€#‚_ËÅ‚š€‚äÊÁ/ÈÁÀ€ÁÎÁ>È‚Œ€‚
ÄÁËË‚š€ÈÊÍÁ'Œ€‚ÈÑÀ‚š€‘Œ€‚È`øÁ‚š€‚ÊøÄ‚Œ€‚_ÁÈÇ?À‚š€‚/ÀÀ^ÁÎÁ>È‚'== Info: Closing connection #0
reply_stdin.133= == Info: SSLv3, TLS alert, Client hello (1):
reply_stdin.134= => Send SSL data, 2 bytes (0x2)
reply_stdin.135= 0000: ..
reply_stdin.136=

----------------------------------------------------------------------
The information contained in this communication may be confidential, is intended only for the use of the recipient(s) named above, and may be protected under state or federal law. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please forward the communication to notme_at_glhec.org immediately and destroy or delete the original message and any copy of it from your computer system. If you have any questions concerning this message, please contact the sender.

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-users
FAQ: https://curl.haxx.se/docs/faq.html
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-12-06