curl-library

Re: issue with quick reconnect

From: <koettermarkus_at_gmx.de>
Date: Thu, 20 Aug 2009 17:37:00 +0200

Jogeshwar Karthik Akundi wrote:
> Hi Daniel
>
> I have written a test application in visual studio 2003 and could reproduce
> the issue.
> The test app source code and the Error log file it generated are attached.
> The last few lines of the log file give the details of the error.
> Sorry, I do not know how one can post sources here. I am attaching a zip
> file of the sources and log.

Had a look at the logfile,
why do you get an SSL handshake (Client hello) after closing the connection?

8/19/2009 - 17:43:16.408 Init++
8/19/2009 - 17:43:16.408 Init--
8/19/2009 - 17:43:16.408 CurlCBFunc: About to connect() to 192.168.1.18 port 443 (#0)
8/19/2009 - 17:43:16.408 CurlCBFunc: Trying 192.168.1.18...
8/19/2009 - 17:43:16.408 CurlCBFunc: TCP_NODELAY set
8/19/2009 - 17:43:16.408 CurlCBFunc: connected
8/19/2009 - 17:43:16.408 CurlCBFunc: Connected to 192.168.1.18 (192.168.1.18) port 443 (#0)
8/19/2009 - 17:43:16.424 CurlCBFunc: SSL certificate verify result: self signed certificate (18), continuing anyway.
8/19/2009 - 17:43:16.424 CurlCBFunc: Connection #0 to host 192.168.1.18 left intact

So far good

8/19/2009 - 17:43:16.424 Success Opening URL: https://192.168.1.18
8/19/2009 - 17:43:16.424 CURL Recent Socket: [1912]
8/19/2009 - 17:43:16.424 Success Sending numbytes [123]
8/19/2009 - 17:43:16.424 Waiting to receive data for sock [1912]
8/19/2009 - 17:43:16.689 Success Receiving numbytes [12]
8/19/2009 - 17:43:16.689 Destroy++
8/19/2009 - 17:43:16.689 CurlCBFunc: Closing connection #0
  8/19/2009 - 17:43:16.689 CurlCBFunc: SSLv3, TLS alert, Client hello (1):

I was curious why:

gdb /opt/curl/bin/curl
break ssl_tls_trace
run --trace-time --trace /dev/stdout --verbose https://www.hise.de > /dev/null

<H1>Found</H1>
The document has moved here.<P>
<HR>
<ADDRESS>Apache/1.3.34 Server at www.heise.de Port 443</ADDRESS>
</BODY></HTML>
14:24:48.098590 == Info: Closing connection #0
14:24:48.098631 == Info: SSLv3, TLS alert, Client hello (1):
14:24:48.098645 => Send SSL data, 2 bytes (0x2)
0000: 01 00

Breakpoint 1, 0x00007f9be638e3f9 in ssl_tls_trace () from /opt/curl/lib/libcurl.so.4
(gdb) bt
#0 0x00007f9be638e3f9 in ssl_tls_trace () from /opt/curl/lib/libcurl.so.4
#1 0x00007f9be5ef4cae in ssl3_dispatch_alert () from /opt/dionaea/lib/libssl.so.1.1.0

Ignore the paths, as I have OpenSSL CVS installed in /opt.

#2 0x00007f9be5ef14d4 in ssl3_shutdown () from /opt/dionaea/lib/libssl.so.1.1.0
#3 0x00007f9be638d489 in Curl_ossl_close () from /opt/curl/lib/libcurl.so.4
#4 0x00007f9be63ac482 in Curl_ssl_close () from /opt/curl/lib/libcurl.so.4
#5 0x00007f9be63863c2 in Curl_disconnect () from /opt/curl/lib/libcurl.so.4
#6 0x00007f9be638ab50 in Curl_done () from /opt/curl/lib/libcurl.so.4
#7 0x00007f9be639ce6b in Curl_perform () from /opt/curl/lib/libcurl.so.4
#8 0x00007f9be639d93f in curl_easy_perform () from /opt/curl/lib/libcurl.so.4
#9 0x000000000040c472 in operate ()
#10 0x000000000040ce79 in main ()

So this is standard behaviour in curl to report Client Handshake for
SSL_shutdowns.

OpenSSL itself does shutdown fine and does not report a new handshake.

openssl s_client -nbio -msg -debug -connect www.heise.de:443

read from 0x23ef020 [0x23f4600] (5 bytes => 5 (0x5))
0000 - 15 03 01 ...
0005 - <SPACES/NULS>
read from 0x23ef020 [0x23f4605] (32 bytes => 32 (0x20))
0000 - 2c 61 b5 6e 37 70 68 41-88 ab 95 4b c2 de a9 18 ,a.n7phA...K....
0010 - 5b ba 95 0a dd 91 1d 83-97 70 77 60 d7 ca 8e 5f [........pw`..._
<<< TLS 1.0 Alert [length 0002], warning close_notify
     01 00
closed
write to 0x23ef020 [0x23f8e10] (37 bytes => 37 (0x25))
0000 - 15 03 01 00 20 94 53 eb-a6 4f 20 79 e0 9b 93 f5 .... .S..O y....
0010 - 69 f2 66 96 2c b3 e3 74-8c 0b 29 ab ca a1 43 84 i.f.,..t..)...C.
0020 - 9c 23 42 59 5f .#BY_
>>> TLS 1.0 Alert [length 0002], warning close_notify
     01 00

So in your case,

------
8/19/2009 - 17:43:16.705 Waiting to receive data for sock [1912]
8/19/2009 - 17:43:16.986 CurlCBFunc: SSLv3, TLS alert, Client hello (1):
  8/19/2009 - 17:43:16.986 CurlCBFunc: Failed to get recent socket
------

The "Failed to get recent socket" means somebody initiated closing the
connection *properly*, as there is part of a TLS shutdown, indicated as
"Client Hello". Naming a shutdown alert "Client hello" should be a bug in
curl.
But luckily that's where OpenSSL 'documentation' comes into play: using
SSL_alert_desc_string, SSL_state_string, SSL_rstate_string_long and the
other friendly helpers from ssl_stat.h can help out.

Markus
Received on 2009-08-20
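
Added example, not part of the original mail and not curl or OpenSSL code: a small C decoder for the two bytes shown in the traces above (01 00), labelling a record body by its content type so that an alert reads as "warning close_notify". The function names are hypothetical and the name tables are a short subset of RFC 5246. Looking byte 0 up in the handshake table is included only to show how the same byte can read as "Client hello", which is an assumption about the cause, not something the mail establishes.

```c
#include <stdio.h>
#include <string.h>

enum { CT_ALERT = 21, CT_HANDSHAKE = 22 }; /* TLS record content types */

/* Handshake message types; valid only for content type 22. */
const char *handshake_name(unsigned char t)
{
  switch(t) {
  case 0:  return "Hello request";
  case 1:  return "Client hello";
  case 2:  return "Server hello";
  default: return "unknown handshake";
  }
}

/* Alert descriptions: byte 1 of an alert body (byte 0 is the level). */
const char *alert_desc(unsigned char d)
{
  switch(d) {
  case 0:  return "close_notify";
  case 40: return "handshake_failure";
  case 48: return "unknown_ca";
  default: return "unknown alert";
  }
}

/* Label a record body by its content type. Returns a static buffer
   (not thread-safe), or NULL for a short body or unhandled type. */
const char *describe_record(int type, const unsigned char *buf, size_t len)
{
  static char out[80];
  if(type == CT_ALERT && len >= 2)
    snprintf(out, sizeof(out), "TLS alert, %s %s (%u)",
             buf[0] == 1 ? "warning" : buf[0] == 2 ? "fatal" : "unknown",
             alert_desc(buf[1]), (unsigned)buf[1]);
  else if(type == CT_HANDSHAKE && len >= 1)
    snprintf(out, sizeof(out), "TLS handshake, %s (%u)",
             handshake_name(buf[0]), (unsigned)buf[0]);
  else
    return NULL;
  return out;
}

int main(void)
{
  const unsigned char body[] = { 0x01, 0x00 }; /* bytes from the trace */
  printf("by content type:     %s\n", describe_record(CT_ALERT, body, 2));
  printf("byte 0 as handshake: %s\n", handshake_name(body[0]));
  return 0;
}
```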