cURL / Mailing Lists / curl-library / Single Mail

curl-library

trouble with SSL URL

From: David Byron <DByron_at_everdreamcorp.com>
Date: Wed, 26 Jan 2005 15:45:53 -0800

I'm having trouble with a particular URL. Some versions of curl return
all the text, and hang before closing the socket. Current cvs stops
midway. Without SSL, curl works fine. IE and Firefox have no trouble
with this.

When we change the server to return very slightly different data, curl
works fine. Comparing the two in a protocol analyzer shows some
differences.

The sequence of things as far as ethereal is concerned is:

client sends application data
server sends application data (unreassembled packet)
server sends continuation data (unreassembled packet)
client sends ACK
server sends continuation data (unreassembled packet)
server sends continuation data (unreassembled packet)
client sends ACK

and this repeats for awhile.

Then, in the "good" case, the sequence goes like this:

client sends "encrypted alert"
client sends FIN,ACK
server sends FIN,ACK
client sends ACK
server sends ACK w/ window and length 0
client sends ACK w/ window and length 0

In the "bad" case, this doesn't happen. Instead I see:

server sends continuation data (unreassembled packet)
client sends ACK
server sends continuation data (unreassembled packet)
client sends ACK
<client hangs>

What causes curl to send an "encrypted alert" packet?

$ ./curl --version
curl 7.13.0-CVS (i686-pc-cygwin) libcurl/7.13.0-CVS OpenSSL/0.9.7e
zlib/1.2.2
Protocols: ftp gopher telnet dict ldap http file https ftps
Features: Debug Largefile NTLM SSL libz

But this also breaks for me with openssl 0.9.7d, and 7.12.3 with 0.9.7a
build with MSVC.

If the ethereal traces help, please let me know and I'll send them. I
can send the URL too, but I'd rather do that in private mail.

Thanks much for any help you can provide.

-DB
Received on 2005-01-27