curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: code: 35 (SSL connect error) issue when using newer curl version(?)

From: Daniel Hallberg via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 23 Nov 2022 09:40:17 +0100

Den 2022-11-23 kl. 09:28, skrev Daniel Hallberg via curl-library:
> Hello,
> I want to move my backend software to a new server but when running it
> on the new server I often (but not always) get "CURLcode: 35 (SSL
> connect error)" for some unknown reason (I don't think I've ever seen
> that issue on the old server).
> The backend source code is identical on the servers, the difference I
> see is that the new server has newer curl & OpenSSL available:
>
> Old server:
> Backend build 384 starting.
> libcurl info:
> -> age: 7
> -> version: 7.74.0-DEV
> -> ssl_version: OpenSSL/1.1.1f
> -> features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile NTLM NTLM_WB
> SSL TLS-SRP UnixSockets libz
> -> libz_version: 1.2.11
> -> protocols: dict file ftp ftps gopher http https imap imaps mqtt
> pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
> -> ares: 1.15.0
> -> libidn: 0
> -> libssh_version: 0
> -> brotli_version: 0
> OpenSSL threading supported
>
> New server:
> Backend build 384 starting.
> libcurl info:
> -> age: 9
> -> version: 7.86.0
> -> ssl_version: OpenSSL/3.0.2
> -> features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile NTLM NTLM_WB
> SSL TLS-SRP UnixSockets libz
> -> libz_version: 1.2.11
> -> protocols: dict file ftp ftps gopher gophers http https imap imaps
> mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
> -> ares: 1.18.1
> -> libidn: 0
> -> libssh_version: 0
> -> brotli_version: 0
> OpenSSL threading supported
>
>
> Any suggestions where to look / how to debug the issue?
> Maybe there is some timeout I don't set in my code which was no
> problem with the old curl version, but that the newer curl version use
> another default value or something? Or do you think it has to do with
> the different OpenSSL versions?
>
> Best regards,
> Daniel

Here's how I use curl btw:

CURLcode res;
CURL *curl = curl_easy_init();

#ifdef DEBUG_CURL
curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, debug_callback);
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
#endif

if (!curl) {
     FILE_LOG(logERROR)<<"Error starting curl";
     return false;
}

struct curl_slist *header = NULL;
header = curl_slist_append(header, "Accept-Language: sv");
header = curl_slist_append(header, "Accept: application/json");

//If we are authenticated, use our credentials
if(this->sessionKey != "")
{
     curl_easy_setopt(curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_BASIC);
     curl_easy_setopt(curl, CURLOPT_USERNAME, this->sessionKey.c_str());
     curl_easy_setopt(curl, CURLOPT_PASSWORD, this->sessionKey.c_str());
}

curl_easy_setopt(curl, CURLOPT_URL,             murl.c_str());

if(method == "POST")
{
     curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data.c_str());
     curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, data.length());
}
else if(method == "POST-JSON")
{
     header = curl_slist_append(header, "Content-Type: application/json");
     curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data.c_str());
     curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, data.length());
}
else if(method == "GET")
{
     //Just don"t set post data
}
else if(method == "DELETE"){
     curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "DELETE");
}else if(method == "PUT"){
     curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "PUT");
     header = curl_slist_append(header, "Content-Type: application/json");
     curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data.c_str());
     curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, data.length());
}

curl_easy_setopt(curl, CURLOPT_HTTPHEADER,         header);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION,
this->CurlWrite_CallbackFunc_StdString);
curl_easy_setopt(curl, CURLOPT_WRITEDATA,         &s);
curl_easy_setopt(curl, CURLOPT_SHARE,             sslShare);

curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L);
curl_easy_setopt(curl, CURLOPT_TCP_FASTOPEN, 1L);

res = curl_easy_perform(curl);

curl_slist_free_all(header);
curl_easy_cleanup(curl);
-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2022-11-23