cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Crash on iOS during HTTPS connection (libcurl with DarwinSSL)

From: Arcin Bozkurt <arcin.bozkurt_at_youilabs.com>
Date: Thu, 17 Oct 2013 21:02:54 +0000

<http://vimeo.com/user2127893>

With OpenSSL, I was forced to set CAPATH in addition to CAINFO to get this to work. Having just one or the other would fail.
After changing the easy handle configuration to set both of these configuration and verifying that communication is successfully established using OpenSSL, I switched back to DarwinSSL and the same problem continues to exist.

Could this be pointing to a bug in libcurl ?

Thanks
Arcin

On 2013-10-17, at 1:08 PM, Arcin Bozkurt <arcin.bozkurt_at_youilabs.com<mailto:arcin.bozkurt_at_youilabs.com>>
 wrote:

Additional information gathered suggests an error situation that should have been handled gracefully by libcurl / DarwinSSL but is not:

I have now rebuilt libcurl with openssl. The result is a fully functional application, that 'reports' the error and closes the connection.
Here is the error :

* Rebuilt URL to: https://www.google.com/
* About to connect() to www.google.com<http://www.google.com/> port 443 (#0)
* Trying 173.194.43.115...
* Adding handle: conn: 0x1f186200
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x1f186200) send_pipe: 1, recv_pipe: 0
* Connected to www.google.com<http://www.google.com/> (173.194.43.115) port 443 (#0)
* error setting certificate verify locations:
  CAfile: /var/mobile/Applications/69D5AB7A-3663-4E00-8EDE-47CE659B855F/Library/cacert.pem
  CApath:
* Closing connection 0

This obviously points to an error with the certificate and its location. The previous stack trace hinted at that as well since at the time of the crash, system was trying to read data from the certificate. Apparently, there are limitations to how a certificate can be accessed.

I have also tried placing the certificate as a resource which places the file in the app bundle, but the failure is the same :

* error setting certificate verify locations:
  CAfile: /var/mobile/Applications/69D5AB7A-3663-4E00-8EDE-47CE659B855F/MyApplication.app/assets/cacert.pem
  CApath:
* Closing connection 0

On 2013-10-17, at 10:12 AM, Arcin Bozkurt <arcin.bozkurt_at_youilabs.com<mailto:arcin.bozkurt_at_youilabs.com>> wrote:

Hi,

I am trying to to lib curl to work with the Security framework on iOS and have a simple application where I am testing easy / multi HTTP secure connections. I have a lib curl configuration that I can run on my main thread or on a separate thread I have created (like an HTTP service thread). I have two versions, one based on curl_easy, another on curl_multi API. lib curl runs successfully if the code is on the main thread, but it will crash deep inside iOS framework if it runs on the http service thread (_retainedComponentString)

The stack trace is below :

* thread #6: tid = 0x2337, 0x34060e0a CoreFoundation`_retainedComponentString + 14, stop reason = EXC_BAD_ACCESS (code=2, address=0x2fe94d10)
    frame #0: 0x34060e0a CoreFoundation`_retainedComponentString + 14
    frame #1: 0x340608e8 CoreFoundation`CFURLCreateStringWithFileSystemPath + 380
    frame #2: 0x3406970c CoreFoundation`CFURLGetFileSystemRepresentation + 536
    frame #3: 0x34083a42 CoreFoundation`_CFGetFileProperties + 50
    frame #4: 0x340bc472 CoreFoundation`__CFBundleCopyFrameworkURLForExecutablePath + 650
    frame #5: 0x340838ea CoreFoundation`_CFBundleEnsureBundleExistsForImagePath + 14
    frame #6: 0x340837fc CoreFoundation`CFBundleGetBundleWithIdentifier + 96
    frame #7: 0x35e2de62 Security`SecFrameworkBundleLookup + 18
    frame #8: 0x3c3fbeea libsystem_c.dylib`pthread_once + 70
    frame #9: 0x35e2de28 Security`SecFrameworkCopyLocalizedString + 32
    frame #10: 0x35e26490 Security`obtainSummaryFromX501Name + 308
    frame #11: 0x35e29bbc Security`parseRDNContent + 100
    frame #12: 0x35e2632a Security`parseX501NameContent + 58
    frame #13: 0x35e26268 Security`SecCertificateCopySubjectSummary + 40
    frame #14: 0x003271f2 Gladiator`darwinssl_connect_common + 1766
    frame #15: 0x00321cd0 Gladiator`Curl_ssl_connect_nonblocking + 28
    frame #16: 0x0030fe06 Gladiator`https_connecting + 14
    frame #17: 0x00314186 Gladiator`Curl_protocol_connecting + 26
    frame #18: 0x0031e8ba Gladiator`multi_runsingle + 874
    frame #19: 0x0031f3ae Gladiator`curl_multi_perform + 102
    frame #20: 0x0031c364 Gladiator`curl_easy_perform + 260

The behaviour is the same whether I use easy or multi API.

Could the problem be related to how I have built libcurl?
I am using 7.32.0 and building against SDK 6.1 using :
--disable-shared --with-darwinssl --without-libssh2 --without-ca-bundle --without-ldap --disable-ldap --disable-ftp --enable-debug

Any suggestions?

Thanks
Arcin

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-10-17