
TCP close issue when rebasing, maybe specific to 8.6.1 vs "openssl s_server -WWW"?

From: Stephen Farrell <stephen.farrell_at_cs.tcd.ie>
Date: Tue, 6 Feb 2024 23:11:58 +0000


Hiya,

I just rebased my ECH-enabled curl fork. [1]

My tests with 8.6.1 show up something new/bad compared to my
previous 8.6.0 build.

I have some ``openssl s_server -WWW`` listeners (e.g. at [2])
for test purposes. s_server is useful for when I want to see mega
tracing sometimes or to run against a server inside gdb.

With 8.6.0 that worked fine.

With 8.6.1 it seems ECH still works and the HTTPS response is
fine, but the client blocks and holds open or doesn't close the
TCP connection.

``openssl s_server -WWW`` is of course a mega-basic type of
not-really-a-proper web server but it'd still be good if this worked
as before.

Turning on or off ECH doesn't affect the behaviour. My 8.6.1 build
works fine vs. ECH-enabled apache, nginx, lighttpd and haproxy
servers as before. If I add a ``-m 2`` timeout to the client
command line, it times out returning 28 as expected. Without
that it hangs there for as long as I've been willing to wait:-)
I tried some HTTP protocol variations e.g. ``--http1.1`` but
that doesn't seem to affect things.

I'm just starting to look into this, but any ideas as to where to
look? E.g. changes between 8.6.0 and 8.6.1 that might affect how
a TLS close_notify is handled or how the client closes a TCP
socket when running a v. basic or unknown version of HTTP?

Thanks,
S.

[1] https://github.com/sftcd/curl/tree/ECH-experimental
[2] https://draft-13.esni.defo.ie:8413/stats

Received on 2024-02-07