Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: code: 35 (SSL connect error) issue when using newer curl version(?)
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Hallberg via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 23 Nov 2022 09:40:17 +0100
Den 2022-11-23 kl. 09:28, skrev Daniel Hallberg via curl-library:
> Hello,
> I want to move my backend software to a new server but when running it
> on the new server I often (but not always) get "CURLcode: 35 (SSL
> connect error)" for some unknown reason (I don't think I've ever seen
> that issue on the old server).
> The backend source code is identical on the servers, the difference I
> see is that the new server has newer curl & OpenSSL available:
>
> Old server:
> Backend build 384 starting.
> libcurl info:
> -> age: 7
> -> version: 7.74.0-DEV
> -> ssl_version: OpenSSL/1.1.1f
> -> features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile NTLM NTLM_WB
> SSL TLS-SRP UnixSockets libz
> -> libz_version: 1.2.11
> -> protocols: dict file ftp ftps gopher http https imap imaps mqtt
> pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
> -> ares: 1.15.0
> -> libidn: 0
> -> libssh_version: 0
> -> brotli_version: 0
> OpenSSL threading supported
>
> New server:
> Backend build 384 starting.
> libcurl info:
> -> age: 9
> -> version: 7.86.0
> -> ssl_version: OpenSSL/3.0.2
> -> features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile NTLM NTLM_WB
> SSL TLS-SRP UnixSockets libz
> -> libz_version: 1.2.11
> -> protocols: dict file ftp ftps gopher gophers http https imap imaps
> mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
> -> ares: 1.18.1
> -> libidn: 0
> -> libssh_version: 0
> -> brotli_version: 0
> OpenSSL threading supported
>
>
> Any suggestions where to look / how to debug the issue?
> Maybe there is some timeout I don't set in my code which was no
> problem with the old curl version, but that the newer curl version use
> another default value or something? Or do you think it has to do with
> the different OpenSSL versions?
>
> Best regards,
> Daniel
Here's how I use curl btw:
CURLcode res;
CURL *curl = curl_easy_init();
#ifdef DEBUG_CURL
curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, debug_callback);
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
#endif
if (!curl) {
FILE_LOG(logERROR)<<"Error starting curl";
return false;
}
struct curl_slist *header = NULL;
header = curl_slist_append(header, "Accept-Language: sv");
header = curl_slist_append(header, "Accept: application/json");
//If we are authenticated, use our credentials
if(this->sessionKey != "")
{
curl_easy_setopt(curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_BASIC);
curl_easy_setopt(curl, CURLOPT_USERNAME, this->sessionKey.c_str());
curl_easy_setopt(curl, CURLOPT_PASSWORD, this->sessionKey.c_str());
}
curl_easy_setopt(curl, CURLOPT_URL, murl.c_str());
if(method == "POST")
{
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data.c_str());
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, data.length());
}
else if(method == "POST-JSON")
{
header = curl_slist_append(header, "Content-Type: application/json");
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data.c_str());
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, data.length());
}
else if(method == "GET")
{
//Just don"t set post data
}
else if(method == "DELETE"){
curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "DELETE");
}else if(method == "PUT"){
curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "PUT");
header = curl_slist_append(header, "Content-Type: application/json");
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data.c_str());
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, data.length());
}
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, header);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION,
this->CurlWrite_CallbackFunc_StdString);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &s);
curl_easy_setopt(curl, CURLOPT_SHARE, sslShare);
curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L);
curl_easy_setopt(curl, CURLOPT_TCP_FASTOPEN, 1L);
res = curl_easy_perform(curl);
curl_slist_free_all(header);
curl_easy_cleanup(curl);
Date: Wed, 23 Nov 2022 09:40:17 +0100
Den 2022-11-23 kl. 09:28, skrev Daniel Hallberg via curl-library:
> Hello,
> I want to move my backend software to a new server but when running it
> on the new server I often (but not always) get "CURLcode: 35 (SSL
> connect error)" for some unknown reason (I don't think I've ever seen
> that issue on the old server).
> The backend source code is identical on the servers, the difference I
> see is that the new server has newer curl & OpenSSL available:
>
> Old server:
> Backend build 384 starting.
> libcurl info:
> -> age: 7
> -> version: 7.74.0-DEV
> -> ssl_version: OpenSSL/1.1.1f
> -> features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile NTLM NTLM_WB
> SSL TLS-SRP UnixSockets libz
> -> libz_version: 1.2.11
> -> protocols: dict file ftp ftps gopher http https imap imaps mqtt
> pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
> -> ares: 1.15.0
> -> libidn: 0
> -> libssh_version: 0
> -> brotli_version: 0
> OpenSSL threading supported
>
> New server:
> Backend build 384 starting.
> libcurl info:
> -> age: 9
> -> version: 7.86.0
> -> ssl_version: OpenSSL/3.0.2
> -> features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile NTLM NTLM_WB
> SSL TLS-SRP UnixSockets libz
> -> libz_version: 1.2.11
> -> protocols: dict file ftp ftps gopher gophers http https imap imaps
> mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
> -> ares: 1.18.1
> -> libidn: 0
> -> libssh_version: 0
> -> brotli_version: 0
> OpenSSL threading supported
>
>
> Any suggestions where to look / how to debug the issue?
> Maybe there is some timeout I don't set in my code which was no
> problem with the old curl version, but that the newer curl version use
> another default value or something? Or do you think it has to do with
> the different OpenSSL versions?
>
> Best regards,
> Daniel
Here's how I use curl btw:
CURLcode res;
CURL *curl = curl_easy_init();
#ifdef DEBUG_CURL
curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, debug_callback);
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
#endif
if (!curl) {
FILE_LOG(logERROR)<<"Error starting curl";
return false;
}
struct curl_slist *header = NULL;
header = curl_slist_append(header, "Accept-Language: sv");
header = curl_slist_append(header, "Accept: application/json");
//If we are authenticated, use our credentials
if(this->sessionKey != "")
{
curl_easy_setopt(curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_BASIC);
curl_easy_setopt(curl, CURLOPT_USERNAME, this->sessionKey.c_str());
curl_easy_setopt(curl, CURLOPT_PASSWORD, this->sessionKey.c_str());
}
curl_easy_setopt(curl, CURLOPT_URL, murl.c_str());
if(method == "POST")
{
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data.c_str());
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, data.length());
}
else if(method == "POST-JSON")
{
header = curl_slist_append(header, "Content-Type: application/json");
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data.c_str());
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, data.length());
}
else if(method == "GET")
{
//Just don"t set post data
}
else if(method == "DELETE"){
curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "DELETE");
}else if(method == "PUT"){
curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "PUT");
header = curl_slist_append(header, "Content-Type: application/json");
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data.c_str());
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, data.length());
}
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, header);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION,
this->CurlWrite_CallbackFunc_StdString);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &s);
curl_easy_setopt(curl, CURLOPT_SHARE, sslShare);
curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L);
curl_easy_setopt(curl, CURLOPT_TCP_FASTOPEN, 1L);
res = curl_easy_perform(curl);
curl_slist_free_all(header);
curl_easy_cleanup(curl);
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2022-11-23