curl-library
Re: curl_multi_info_read() returning result of CURLE_RECV_ERROR
Date: Mon, 12 Oct 2015 13:49:03 +0800
Hi, thought I'd include the traces from this latest OpenSSL 1.0.2d build.
On Mon, Oct 12, 2015 at 1:06 PM, KS Lee <kslee_at_soft-skills.com.my> wrote:
> Hello Daniel
>
> We re-ran the tests after upgrading our code to use libcurl 7.44 and
> OpenSSL 1.0.2d. Same error, CURLE_RECV_ERROR, connection is closed after
> receiving a few frames from the peer.
>
>
Trying 10.1.8.95...
Name '192.168.128.61' family 2 resolved to '192.168.128.61' family 2
Local port: 0
Connected to xxxx.com (99.99.99.99) port 443 (#0)
ALPN, offering http/1.1
Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
SSL re-using session ID
{syn}{etx}{soh}{stx}
TLSv1.0 (OUT), TLS handshake, Client hello (1):
...
TLSv1.0 (IN), TLS change cipher, Client hello (1):
...
SSL connection using TLSv1.0 / AES256-SHA
*ALPN, server did not agree to a protocol*
Server certificate:
subject: C=MY; ST=Wilayah Persekutuan; L=Kuala Lumpur; O=Bursa Malaysia
Berhad; CN=ept.bursamalaysia.com
start date: 2014-10-27 00:00:00 GMT
expire date: 2016-12-25 23:59:59 GMT
issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use
at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 International
Server CA - G3
SSL certificate verify result: self signed certificate in certificate
chain (19), continuing anyway.
POST /xxxxx.form HTTP/1.1
Host: xxxxx.com
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/45.0.2454.101 Safari/537.36
Accept: */*
Accept-Encoding: deflate, gzip
Cookie:
PD-S-SESSION-ID=0_kQ5569Se1/4/Z1CEXXmcfcViUNHWo53lMJnk8s4/Yv4iV2ST7s0=
Content-Length: 107
Content-Type: application/x-www-form-urlencoded
...
HTTP/1.1 302 Moved Temporarily
content-length: 1435
content-type: text/html
...
... (some fragments came back)
...
SSL read: error:00000000:lib(0):func(0):reason(0), errno 10054
*** note: prior to this message, there were a few other messages that
completed successfully i.e. logon, and redirection.
>
>> > > libcurl/7.44.0 OpenSSL/0.9.8k zlib/1.2.8
>> >
>> > This OpenSSL version is fairly old (March 2009) and it could be worth
>> > trying a more modern version before putting a lot of efforts into this.
>> >
>> Yes, we have cut a version with OpenSSL 1.0.2d. Will be retesting
>> tomorrow.
>>
>> > > THEN ERROR HERE >>>> SSL read:
>> > > error:00000000:lib(0):func(0):reason(0),
>> >
>> > Based on this, I would suspect something fishy on the TLS or TCP
>> > layer. Using wireshark to check out the TCP traffic on the last parts
>> > of the communication could at least rule that out.
>> >
>> > Also, can you do _other_ HTTPS requests successfully against this
>> > site? I mean doing a simple GET or something on another URL? Could
>> > make an easier test and debug case.
>> >
>>
>> Just prior to this, there was another SSL-based POST/GET to authenticate
>> user credentials. And that worked fine. The user was logged in OK without
>> any errors.
>>
> To summarise, when connecting to the peer via firewall, seems like the
> peer is closing the connection after sending a few frames of messages to us.
>
> Libcurl with OpenSSL 0.9.8k - error if not run through a proxy
> Libcurl with OpenSSL 1.0.2d - error if not run through a proxy
>
> Libcurl with OpenSSL 0.9.8k - no error if run through a proxy
> Libcurl with OpenSSL 1.0.2d - no error if run through a proxy
>
> But when we add a proxy and then onto the firewall, the connection works
> fine. Messages get exchanged without any errors.
>
> Does this look like an OpenSSL error? Am wondering why the presence of a
> proxy is significant in this situation?
>
> Any help is appreciated.
>
>
> Kind regards
> KS
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-10-12