Bugs item #2107377, was opened at 2008-09-12 14:21
Message generated for change (Comment added) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2107377&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: libcurl
Group: bad behaviour
>Status: Closed
>Resolution: Fixed
Priority: 6
Private: No
Submitted By: Michael Goffioul (goffioul)
Assigned to: Daniel Stenberg (bagder)
Summary: Problem with mutli + GnuTLS + proxy

Initial Comment:
Version: 7.19.0
Compiler: MSVC
GnuTLS version: 2.5.4

I'm behind a HTTP proxy server and when I use the multi
interface of libcurl, I'm unable to download pages with
HTTPS protocol. I'm using the 2 libtest's lib500 (for
the easy interface) and lib502 (for the multi interface).

lib500 succeeds to download https://www.paypal.com.
lib502 fails.

I have enabled GTLSDEBUG, with a log level of 10 and
included the result in attachment. I'm not an expert
at all in those things, but it looks like libcurl gets
an Alert from the server when trying to re-handshaking.

If you need any backtrace, it's no problem for me, just
tell me where I should break execution.

Michael.

----------------------------------------------------------------------

>Comment By: Daniel Stenberg (bagder)
Date: 2008-09-22 22:42

Message:
Thanks, this has now been committed. Case closed!

----------------------------------------------------------------------

Comment By: Michael Goffioul (goffioul)
Date: 2008-09-22 13:14

Message:
It seems to fix the problem for me as well. I tried in the
testing configuration that triggered the problem (WebKit+cURL+GnuTLS)
and everything seems to run fine now. Thanks.

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2008-09-22 12:26

Message:
Thanks, I did a first test with a patch and this seems to fix it for me.
It'd be nice to hear how this works for you. I'll also do some further
testing before I actually commit this:

diff -u -r1.388 http.c
--- http.c 8 Sep 2008 19:34:58 -0000 1.388
+++ http.c 22 Sep 2008 10:26:03 -0000
@@ -1814,6 +1814,13 @@
   CURLcode result;
   DEBUGASSERT((conn) && (conn->protocol & PROT_HTTPS));
 
+ if(conn->ssl[FIRSTSOCKET].use) {
+ /* in some circumstances, this already has SSL enabled and then we
don't
+ need to connect SSL again */
+ *done = TRUE;
+ return CURLE_OK;
+ }
+
   /* perform SSL initialization for this socket */
   result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, done);
   if(result) {

----------------------------------------------------------------------

Comment By: Michael Goffioul (goffioul)
Date: 2008-09-22 10:27

Message:
I tried the test file (I only modified it to point to my own proxy) and
attached the results. It also fails for me.

To answer you other question, I didn't modified the test cases to use my
proxy, but simply predefined http_proxy and https_proxy environment
variables (as well as CURL_CA_BUNDLE).
File Added: debugit.out.bz2

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2008-09-22 00:37

Message:
Here's my attached version of the code that I assume you used. It seems to
not work with libcurl-gnutls for me (using CVS libcurl and GnuTLS 2.4.1)
File Added: debugit.c

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2008-09-22 00:14

Message:
I assume you meant that you also modified these test cases to use your
particular proxy?

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2107377&group_id=976
Received on 2008-09-22