curl-library

Re: curl_easy_perform() fails with "Problem with the SSL CA cert (path? access rights?)" after first time calling this routine

From: cnm marketing <cnn.marketing_at_gmail.com>
Date: Fri, 15 Mar 2013 14:59:26 -0400

>error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small
1. When libcurl uses Diffie-Hellman, does libcurl hardcode the
Diffie-Hellman key and the length?
2. Does libcurl have an option that allows a libcurl user to reset the
Diffie-Hellman key length?
We are still wondering (90% convinced) whether the error message has
something to do with the openssl that is getting loaded from another layer.
When the openssl is being loaded by another layer, libcurl is trying to use
that openssl context and finds the key size (set by libcurl) is too small
compared to the key set by another layer.

On Fri, Mar 15, 2013 at 2:00 PM, cnm marketing <cnn.marketing_at_gmail.com> wrote:

> >What SSL implementation is your libcurl using? How is the SSL stack
> built and how did you build libcurl?
> [cnm]
> 1. I am not sure if I understand your first question, we use libcurl, if
> libcurl uses ssl, then we use whatever is on the system, in our case, we
> use openssl.
> 2. We use dlopen()/dlsym()/dlclose() to load libcurl library. This is the
> ONLY way that we can fit libcurl into our software layers. There are at
> least 3 different layers in our layer that use openssl, we are not the
> first one to be loaded.
>
> On Fri, Mar 15, 2013 at 12:59 PM, cnm marketing <cnn.marketing_at_gmail.com> wrote:
>
>> >libcurl is able to use 9 different SSL implementations as its SSL library
>> for SSL connections. And yes, OpenSSL is one of them.
>> [cnm] Does libcurl statically link ssl or dynamically load those ssl?
>>
>> >I've never seen the error message
>> > error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small
>> [cnm] If you believe this error message is NOT from libcurl itself, then
>> I believe this error message is from the openssl routines that the libcurl
>> invokes. The question is why openssl throws this error, and in what
>> situation (from libcurl code) this error will be thrown from libcurl?
>> >What SSL implementation is your libcurl using? How is the SSL stack
>> built and how did you build libcurl?
>> [cnm]
>> 1. I am not sure if I understand your first question, we use libcurl, if
>> libcurl uses ssl, then we use whatever is on the system, in our case, we
>> use openssl.
>> 2. We use dlopen()/dlsym()/dlclose() to load libcurl library. This is the
>> ONLY way that we can fit libcurl into our software layers. I need to check
>> with other groups and see how many of them use ssl in their layers. I'll get
>> back to you on this.
>>
>>
>> On Fri, Mar 15, 2013 at 10:44 AM, cnm marketing <cnn.marketing_at_gmail.com> wrote:
>>
>>> How that can be? Does libcurl also use openssl?
>>>
>>> From my code, I only invoke libcurl routines. Again the following
>>> output are the libcurl output by using CURLOPT_VERBOSE and CURLOPT_STDERR.
>>> When setting CURLOPT_SSL_VERIFYHOST to 1, we got the debug1.txt output,
>>> when setting CURLOPT_SSL_VERIFYHOST to 0, we get the debug.txt output
>>>
>>>
>>> [root_at_l2se0132 bin]# more /debug1.txt
>>>
>>> * About to connect() to l2se0060.lss.emc.com port 8443 (#0)
>>>
>>> * Trying 10.247.73.60...
>>>
>>> * Connected to l2se0060.lss.emc.com (10.247.73.60) port 8443 (#0)
>>>
>>> * successfully set certificate verify locations:
>>>
>>> * CAfile: /usr/yhuang/cert.pem
>>>
>>> CApath: none
>>>
>>> * error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small
>>>
>>> * Closing connection 0
>>>
>>>
>>>
>>> [root_at_l2se0132 bin]# more /debug.txt
>>>
>>> * About to connect() to l2se0060.lss.emc.com port 8443 (#0)
>>>
>>> * Trying 10.247.73.60...
>>>
>>> * Connected to l2se0060.lss.emc.com (10.247.73.60) port 8443 (#0)
>>>
>>> * error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small
>>>
>>> * Closing connection 0
>>>
>>>
>>>
>>> On Fri, Mar 15, 2013 at 3:45 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:
>>>
>>>> On Thu, 14 Mar 2013, cnm marketing wrote:
>>>>
>>>>> * error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small
>>>>
>>>> Please stop top-posting and full-quoting.
>>>>
>>>> My 3.2 seconds of googling on this topic lead to this:
>>>>
>>>> http://comments.gmane.org/gmane.comp.encryption.openssl.user/43777
>>>>
>>>> --
>>>>
>>>> / daniel.haxx.se
>>>>
>>>
>>>
>>
>

Received on 2013-03-15
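
Added example, not part of the original thread and not libcurl or OpenSSL code: a small C parser that pulls the OpenSSL error string out of the CURLOPT_VERBOSE lines quoted above and decodes the packed code. It assumes the OpenSSL 1.x `ERR_PACK` layout (8-bit library, 12-bit function, 12-bit reason); `parse_ossl_error` and `struct ossl_err` are hypothetical names. Library number 5 is `ERR_LIB_DH` in OpenSSL 1.x `err.h`, which places the failure inside OpenSSL's Diffie-Hellman code rather than in libcurl.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fields of an OpenSSL 1.x packed error code (assumed ERR_PACK layout:
 * 8-bit library, 12-bit function, 12-bit reason). OpenSSL 3.x packs
 * error codes differently and has no function codes. */
struct ossl_err {
    unsigned long code;
    int lib, func, reason;
    char lib_text[64];    /* text fields as printed in the log line */
    char reason_text[64];
};

/* Find "error:<8 hex digits>:<lib>:<func>:<reason>" in one log line.
 * Returns 1 and fills *out on success, 0 if the line has no such string. */
int parse_ossl_error(const char *line, struct ossl_err *out)
{
    const char *p = strstr(line, "error:");
    char func_text[64];
    char *end;

    if (!p)
        return 0;
    p += strlen("error:");
    out->code = strtoul(p, &end, 16);
    if (end - p != 8 || *end != ':')
        return 0;
    if (sscanf(end + 1, "%63[^:]:%63[^:]:%63[^\r\n]",
               out->lib_text, func_text, out->reason_text) != 3)
        return 0;
    out->lib    = (int)((out->code >> 24) & 0xffUL);
    out->func   = (int)((out->code >> 12) & 0xfffUL);
    out->reason = (int)(out->code & 0xfffUL);
    return 1;
}

/* Constructed sample: lines copied from the debug.txt output quoted above. */
static const char *sample_log[] = {
    "* Connected to l2se0060.lss.emc.com (10.247.73.60) port 8443 (#0)",
    "* error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small",
    "* Closing connection 0",
};

int main(void)
{
    struct ossl_err e;
    for (size_t i = 0; i < sizeof sample_log / sizeof *sample_log; i++)
        if (parse_ossl_error(sample_log[i], &e))
            printf("lib=%d (%s) func=%d reason=%d (%s)\n",
                   e.lib, e.lib_text, e.func, e.reason, e.reason_text);
    return 0;
}
```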