curl-tracker mailing list Archives

[ curl-Bugs-3110991 ] gnutls_handshake() error on Windows

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Fri, 19 Nov 2010 21:35:28 +0000

Bugs item #3110991, was opened at 2010-11-17 12:06
Message generated for change (Comment added) made by dfandrich
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3110991&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: SSL/TLS
Group: portability problem
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Matthias Bolte (photron)
>Assigned to: Dan Fandrich (dfandrich)
Summary: gnutls_handshake() error on Windows

Initial Comment:
When curl is compiled with GnuTLS on Windows then trying to access https://www.google.com (for example) fails with a gnutls_handshake() error:

$ curl -kv https://www.google.com
* timeout on name lookup is not supported
* About to connect() to www.google.com port 443 (#0)
* Trying 66.249.92.104... connected
* Connected to www.google.com (66.249.92.104) port 443 (#0)
* gnutls_handshake() failed: A TLS packet with unexpected length was received.
* gnutls_handshake() failed: The specified session has been invalidated for some reason.

The last line is then repeated over and over again.

I traced this problem down to this commit from 2006:

https://github.com/bagder/curl/commit/fcccf9aa0d93c666e8ae31ebdde716cddd6b4482

By adding custom pull/push functions this commit also overrides the WSAGetLastError()-to-errno translation GnuTLS does on Windows. This causes the handshake error. When I copy the WSAGetLastError()-to-errno translation from GnuTLS (lib/gnutls_buffers.c _gnutls_read) to the custom pull/push functions then this problem is fixed and curl -kv https://www.google.com works as expected.

Some version information: This is on a Windows XP 32bit system with

$ curl --version
curl 7.21.2 (i686-pc-mingw32) libcurl/7.21.2 GnuTLS/2.10.1 zlib/1.2.4
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: Largefile NTLM SSL libz

----------------------------------------------------------------------

Comment By: Dan Fandrich (dfandrich)
Date: 2010-11-19 13:35

Message:
Thanks for the report, this problem is now fixed in the git repository.

To try it out, you either checkout/update your git clone:
http://curl.haxx.se/source.html

or you try tomorrow's daily snapshot: http://curl.haxx.se/snapshots/

----------------------------------------------------------------------

Comment By: Matthias Bolte (photron)
Date: 2010-11-19 09:08

Message:
The ability to provide your own push and pull functions is more generic
than just replacing send and recv for a socket. gnutls_transport_set_ptr
takes a gnutls_transport_ptr_t. This can be a socket, but could also be
something else, as long as the transport pointer combined with the custom
push and pull functions behaves like GnuTLS expects it. This is the way
this API is supposed to work, as I understand it.

Because GnuTLS doesn't require that the transport is actually a socket it
cannot assume that you use Winsock on Windows as your transport. Therefore,
it cannot do the WSAGetLastError() translation for you when you use custom
push and pull functions. So curl has to do this.

I attached a v2 of the patch that moves the error conversion to a separate
function, as suggested. Also it uses gnutls_transport_set_global_errno() to
set errno in order to avoid possible problems when GnuTLS and curl are
linked to different versions of msvcrt.dll (suggested by the GnuTLS
documentation).

----------------------------------------------------------------------

Comment By: Dan Fandrich (dfandrich)
Date: 2010-11-18 22:42

Message:
IMHO, this looks more like a bug in GnuTLS than libcurl to me. If the push
& pull functions are supposed to replace the system's own versions, then
GnuTLS should be using WSAGetLastError() to get the socket error code, not
errno.

But if that's the way the API is supposed to work (i.e. it isn't just an
accident), then your patch looks fine to me. My only suggestion would be to
pull the error conversion routines into a separate function to avoid
duplication of the identical code block.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3110991&group_id=976
Received on 2010-11-19
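
The error translation discussed in this thread, as an added example that is not code from curl, GnuTLS or the attached patch. It models a custom pull callback with and without the Winsock-to-errno mapping; the names map_winsock_error, fake_recv, pull and is_retryable are hypothetical, the EAGAIN/EINTR/EIO mapping is an assumption about what the copied translation looks like, and the Winsock constants are defined inline so it builds off Windows.

```c
#include <errno.h>

/* Winsock error codes (values as in winsock2.h), defined here so the
   example also builds on non-Windows systems. */
#ifndef WSAEINTR
#define WSAEINTR       10004
#define WSAEWOULDBLOCK 10035
#endif

/* Hypothetical helper: map a WSAGetLastError() value to the errno value
   the TLS library inspects after a pull/push callback returns -1. */
int map_winsock_error(int wsa_err)
{
  switch(wsa_err) {
  case WSAEWOULDBLOCK:
    return EAGAIN;  /* no data yet: retry later */
  case WSAEINTR:
    return EINTR;   /* interrupted call: retry */
  default:
    return EIO;     /* anything else is a hard transport error */
  }
}

/* Constructed stand-in for a non-blocking recv() with no data pending:
   it fails and reports the reason through *wsa_last, never via errno. */
static long fake_recv(int *wsa_last)
{
  *wsa_last = WSAEWOULDBLOCK;
  return -1;
}

/* Custom pull callback. translate == 0 reproduces the reported behaviour:
   errno is left untouched. Real code would hand the mapped value to
   gnutls_transport_set_global_errno() instead of assigning errno. */
long pull(int translate, int *seen_errno)
{
  int wsa_last = 0;
  long n;
  errno = 0;                    /* whatever earlier code left behind */
  n = fake_recv(&wsa_last);
  if(n < 0 && translate)
    errno = map_winsock_error(wsa_last);
  *seen_errno = errno;
  return n;
}

/* Simplified model of the caller's decision: 1 = retry, 0 = fatal. */
int is_retryable(int err) { return err == EAGAIN || err == EINTR; }
```

Without the mapping, a would-block condition on a non-blocking socket is indistinguishable from a hard failure, which matches the handshake errors in the initial report.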
