Your message dated Thu, 11 Oct 2012 18:17:39 +0000
with message-id <[email protected]>
and subject line Bug#685402: fixed in curl 7.28.0-1
has caused the Debian Bug report #685402,
regarding libcurl3-gnutls: curl_easy_perform() fails with error 35 (SSL connect
error)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
685402: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685402
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libcurl3-gnutls
Version: 7.26.0-1
Severity: normal
Hi.
I've compiled the https.c example (http://curl.haxx.se/libcurl/c/https.html),
adapted to connect to fusionforge.int-evry.fr on port 443, adding :
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
#define SKIP_PEER_VERIFICATION 1
#define SKIP_HOSTNAME_VERIFICATION 1
with :
$ gcc -g -o https https.c -l curl
I'm getting :
$ ./https
* About to connect() to fusionforge.int-evry.fr port 443 (#0)
* Trying 157.159.11.57...
* connected
* Connected to fusionforge.int-evry.fr (157.159.11.57) port 443 (#0)
* found 0 certificates in /etc/ssl/certs/ca-certificates.crt
* gnutls_handshake() failed: A TLS warning alert has been received.
* Closing connection #0
* SSL connect error
curl_easy_perform() failed: error 35
curl_easy_perform() failed: SSL connect error
It looks like a handshake error, but I cannot manage to go any further at
understanding the problem.
$ ldd ./https
linux-gate.so.1 => (0xb7794000)
libcurl-gnutls.so.4 => /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
(0xb770f000)
libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb75b2000)
libidn.so.11 => /usr/lib/i386-linux-gnu/libidn.so.11 (0xb757e000)
libssh2.so.1 => /usr/lib/i386-linux-gnu/libssh2.so.1 (0xb7554000)
liblber-2.4.so.2 => /usr/lib/i386-linux-gnu/liblber-2.4.so.2
(0xb7545000)
libldap_r-2.4.so.2 => /usr/lib/i386-linux-gnu/libldap_r-2.4.so.2
(0xb74f3000)
librt.so.1 => /lib/i386-linux-gnu/i686/cmov/librt.so.1 (0xb74ea000)
libgssapi_krb5.so.2 => /usr/lib/i386-linux-gnu/libgssapi_krb5.so.2
(0xb74ab000)
libz.so.1 => /lib/i386-linux-gnu/libz.so.1 (0xb7492000)
libgnutls.so.26 => /usr/lib/i386-linux-gnu/libgnutls.so.26 (0xb73ca000)
libgcrypt.so.11 => /lib/i386-linux-gnu/libgcrypt.so.11 (0xb7345000)
librtmp.so.0 => /usr/lib/i386-linux-gnu/librtmp.so.0 (0xb732b000)
/lib/ld-linux.so.2 (0xb7795000)
libresolv.so.2 => /lib/i386-linux-gnu/i686/cmov/libresolv.so.2
(0xb7316000)
libsasl2.so.2 => /usr/lib/i386-linux-gnu/libsasl2.so.2 (0xb72fa000)
libpthread.so.0 => /lib/i386-linux-gnu/i686/cmov/libpthread.so.0
(0xb72e1000)
libkrb5.so.3 => /usr/lib/i386-linux-gnu/libkrb5.so.3 (0xb720f000)
libk5crypto.so.3 => /usr/lib/i386-linux-gnu/libk5crypto.so.3
(0xb71e5000)
libcom_err.so.2 => /lib/i386-linux-gnu/libcom_err.so.2 (0xb71df000)
libkrb5support.so.0 => /usr/lib/i386-linux-gnu/libkrb5support.so.0
(0xb71d6000)
libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb71d2000)
libkeyutils.so.1 => /lib/i386-linux-gnu/libkeyutils.so.1 (0xb71cd000)
libtasn1.so.3 => /usr/lib/i386-linux-gnu/libtasn1.so.3 (0xb71bb000)
libp11-kit.so.0 => /usr/lib/i386-linux-gnu/libp11-kit.so.0 (0xb71a8000)
libgpg-error.so.0 => /lib/i386-linux-gnu/libgpg-error.so.0 (0xb71a4000)
Note that connecting with a web browser, and allowing the self-signed cert
exception works.
Initially, my problem was that rapper wouldn't fetch data using libcurl:
$ rapper -f wwwSslVerifyPeer=0 -i rdfa -o turtle
https://fusionforge.int-evry.fr/
rapper: Error - URI https://fusionforge.int-evry.fr/ - Resolving URI failed:
gnutls_handshake() failed: A TLS warning alert has been received.
olivier@inf-8657:~/tmp$ ldd /usr/bin/rapper
linux-gate.so.1 => (0xb76ec000)
libraptor2.so.0 => /usr/lib/libraptor2.so.0 (0xb766e000)
libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb7511000)
libcurl-gnutls.so.4 => /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
(0xb74ab000)
libxslt.so.1 => /usr/lib/i386-linux-gnu/libxslt.so.1 (0xb746e000)
libxml2.so.2 => /usr/lib/i386-linux-gnu/libxml2.so.2 (0xb731b000)
libyajl.so.2 => /usr/lib/i386-linux-gnu/libyajl.so.2 (0xb7310000)
/lib/ld-linux.so.2 (0xb76ed000)
libidn.so.11 => /usr/lib/i386-linux-gnu/libidn.so.11 (0xb72dd000)
libssh2.so.1 => /usr/lib/i386-linux-gnu/libssh2.so.1 (0xb72b2000)
liblber-2.4.so.2 => /usr/lib/i386-linux-gnu/liblber-2.4.so.2
(0xb72a3000)
libldap_r-2.4.so.2 => /usr/lib/i386-linux-gnu/libldap_r-2.4.so.2
(0xb7251000)
librt.so.1 => /lib/i386-linux-gnu/i686/cmov/librt.so.1 (0xb7248000)
libgssapi_krb5.so.2 => /usr/lib/i386-linux-gnu/libgssapi_krb5.so.2
(0xb720a000)
libz.so.1 => /lib/i386-linux-gnu/libz.so.1 (0xb71f0000)
libgnutls.so.26 => /usr/lib/i386-linux-gnu/libgnutls.so.26 (0xb7128000)
libgcrypt.so.11 => /lib/i386-linux-gnu/libgcrypt.so.11 (0xb70a3000)
librtmp.so.0 => /usr/lib/i386-linux-gnu/librtmp.so.0 (0xb7089000)
libm.so.6 => /lib/i386-linux-gnu/i686/cmov/libm.so.6 (0xb7063000)
libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb705e000)
liblzma.so.5 => /lib/i386-linux-gnu/liblzma.so.5 (0xb7037000)
libresolv.so.2 => /lib/i386-linux-gnu/i686/cmov/libresolv.so.2
(0xb7023000)
libsasl2.so.2 => /usr/lib/i386-linux-gnu/libsasl2.so.2 (0xb7007000)
libpthread.so.0 => /lib/i386-linux-gnu/i686/cmov/libpthread.so.0
(0xb6fee000)
libkrb5.so.3 => /usr/lib/i386-linux-gnu/libkrb5.so.3 (0xb6f1b000)
libk5crypto.so.3 => /usr/lib/i386-linux-gnu/libk5crypto.so.3
(0xb6ef1000)
libcom_err.so.2 => /lib/i386-linux-gnu/libcom_err.so.2 (0xb6eec000)
libkrb5support.so.0 => /usr/lib/i386-linux-gnu/libkrb5support.so.0
(0xb6ee3000)
libkeyutils.so.1 => /lib/i386-linux-gnu/libkeyutils.so.1 (0xb6ede000)
libtasn1.so.3 => /usr/lib/i386-linux-gnu/libtasn1.so.3 (0xb6ecb000)
libp11-kit.so.0 => /usr/lib/i386-linux-gnu/libp11-kit.so.0 (0xb6eb9000)
libgpg-error.so.0 => /lib/i386-linux-gnu/libgpg-error.so.0 (0xb6eb5000)
There are quite a bunch of hits for similar errors, discussing TLS handshake
issues, and it seems that quite a lot of problems seem to arrise with libcurl +
gnutls (see pycurl discussions)... but nothing that I can understand as the
same issue exactly.
Hope this helps.
Thanks in advance.
Best regards,
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-3-686-pae (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libcurl3-gnutls depends on:
ii libc6 2.13-35
ii libgcrypt11 1.5.0-3
ii libgnutls26 2.12.20-1
ii libgssapi-krb5-2 1.10.1+dfsg-2
ii libidn11 1.25-2
ii libldap-2.4-2 2.4.31-1
ii librtmp0 2.4+20111222.git4e06e21-1
ii libssh2-1 1.4.2-1
ii multiarch-support 2.13-35
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages libcurl3-gnutls recommends:
ii ca-certificates 20120623
libcurl3-gnutls suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: curl
Source-Version: 7.28.0-1
We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alessandro Ghedini <[email protected]> (supplier of updated curl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 11 Oct 2012 19:11:09 +0200
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev
libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg
Architecture: source amd64
Version: 7.28.0-1
Distribution: unstable
Urgency: low
Maintainer: Alessandro Ghedini <[email protected]>
Changed-By: Alessandro Ghedini <[email protected]>
Description:
curl - command line tool for transferring data with URL syntax
libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS
flavour)
libcurl4-nss-dev - development files and documentation for libcurl (NSS
flavour)
libcurl4-openssl-dev - development files and documentation for libcurl
(OpenSSL flavour)
Closes: 685402
Changes:
curl (7.28.0-1) unstable; urgency=low
.
* New upstream release
- gnutls: do not fail on non-fatal handshake errors (Closes: #685402)
* Remove versioned build depends on libssh2 (already in stable)
* Bump Standards-Version to 3.9.4 (no changes needed)
* Refresh 01_runtests_gdb.patch
* Update *.symbols files
* Build depend on ca-certifcates to avoid test failure
Checksums-Sha1:
3ab9b5b1c892225be5c3f347fbec0a07eb764079 2507 curl_7.28.0-1.dsc
259c9ae0428c064cb5aa19791d09b48713bfa0ef 3183346 curl_7.28.0.orig.tar.gz
32a923b3d4003429c0ae3a41ae336d015d8ba3be 29853 curl_7.28.0-1.debian.tar.gz
fef268aac90c12c9f0c92224416bb6a6aef033e5 277368 curl_7.28.0-1_amd64.deb
e79c1a975bbc886e005bf2fde4b6b1849cc6c47d 339350 libcurl3_7.28.0-1_amd64.deb
f0dae54d592c97417080162d102d92be54d332f7 330476
libcurl3-gnutls_7.28.0-1_amd64.deb
c73cfca7f1499551de86b582b535262564d96e45 336670 libcurl3-nss_7.28.0-1_amd64.deb
0f86b7dad3d3c90691cc225ea5d066bc5773b81d 1292966
libcurl4-openssl-dev_7.28.0-1_amd64.deb
0d14985a04a8f564f18d1fe7bc8963e9d0bfbdd4 1281764
libcurl4-gnutls-dev_7.28.0-1_amd64.deb
e6a330ce774466db5619342e7e00fac1ab7fbc7b 1288594
libcurl4-nss-dev_7.28.0-1_amd64.deb
5a3eda25ac0950667ad60be55147f3d1ccd29a84 3389746
libcurl3-dbg_7.28.0-1_amd64.deb
Checksums-Sha256:
bd9fcbd82a2510c1a3d83f9fb7dbfce536c448e4dfefbdbb87039d25426dcf37 2507
curl_7.28.0-1.dsc
ececf0355d352925cb41936be6b50b68d8af1fbd737e267c8fe9e929c5539ff4 3183346
curl_7.28.0.orig.tar.gz
29b0be093f3cd28f56acbdb8cfc640985752b5fe96f7dfec24af5cc55f07f3c9 29853
curl_7.28.0-1.debian.tar.gz
c307a7619f5b56be1433caff90941f5025653297c24ab4bf1c3deb7abb94c738 277368
curl_7.28.0-1_amd64.deb
86113637285ea6a9ffe3d86c454f8e90fcb6aa2000b0cefe2a07806169aef569 339350
libcurl3_7.28.0-1_amd64.deb
95bee7d056d404a6f7237d535d0b72b713e5866523a841f34a7c54c6f08b25ed 330476
libcurl3-gnutls_7.28.0-1_amd64.deb
541e50338468397efc557b8de4e39164e730538db3f6f6ec29376c8bf5e43a2c 336670
libcurl3-nss_7.28.0-1_amd64.deb
373098e9d5f4b8c0fa0f173e28128c078f97beb45974fb470291464a3b342ee4 1292966
libcurl4-openssl-dev_7.28.0-1_amd64.deb
190cfc923814ced643b62407d582cc9c028dfaa65e807211eeccce60fc80258a 1281764
libcurl4-gnutls-dev_7.28.0-1_amd64.deb
b5f70536d72b36482484d8fde8406c2076929defb7aacdc4e958184cd2dada20 1288594
libcurl4-nss-dev_7.28.0-1_amd64.deb
3016a30c4d2b12ec119c3f46153af7c439e7f888bcb6247df8a30b555347556f 3389746
libcurl3-dbg_7.28.0-1_amd64.deb
Files:
f11090f72f045b6dda4c2962a754af6a 2507 web optional curl_7.28.0-1.dsc
cbdc0a79bdf6e657dd387c3d88d802e3 3183346 web optional curl_7.28.0.orig.tar.gz
62c853e61c2be2d4a42dbe64e040de06 29853 web optional curl_7.28.0-1.debian.tar.gz
4c9381217f8a94e88cbf77219a46758d 277368 web optional curl_7.28.0-1_amd64.deb
06fffcb56cf6b5fe98a58a41b308cecf 339350 libs optional
libcurl3_7.28.0-1_amd64.deb
a84e5d72ddadce0a8495ae49c162e20a 330476 libs optional
libcurl3-gnutls_7.28.0-1_amd64.deb
7da40e26e72262ed6b0d547e7902bbce 336670 libs optional
libcurl3-nss_7.28.0-1_amd64.deb
5e79af633e916156d4c04da4dda1619d 1292966 libdevel optional
libcurl4-openssl-dev_7.28.0-1_amd64.deb
e60d8c422c77abea16a03471578a045c 1281764 libdevel optional
libcurl4-gnutls-dev_7.28.0-1_amd64.deb
b14fac73f83abe35194adf5d9267a82f 1288594 libdevel optional
libcurl4-nss-dev_7.28.0-1_amd64.deb
50b760cee708d4d4730551f743dff488 3389746 debug extra
libcurl3-dbg_7.28.0-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJQdwe5AAoJEK+lG9bN5XPL/icQAJU73HT9crxDhaR4BLZoHnGU
tZ5DjjkD4ZvddDRjZ+omZx0SrQcNRvhOBvr7CNPs7j9SbxQ+LePIFRz0c+wFO4Q4
ueLoTwbl/3wR8iRsXR0F//dSZoEBIko4dwbAjwmq3iDQFgIigvkWwv9sI9cWiaUI
s0z6SehxmgN7qNHNvExTKrAfjL8R59Ne9A8aLxp4jErdHTl8xBc/N3AVkZmyY+rx
3nq+sck8ST4InIkALbwEY8EgX87aImehTn9w4Jo8NA5wi02ZEbAu2z8Z8+JHA818
1aCc3JlcGvhO0u93bBXhn3MZyoEx29sIWIW5lleRn7ZefMfVxpR4duNHy+4alzJ/
ExT/0iDd2aNaB3Hd2Jbr6Z4PQD79c41obiETFsqVIbQ1XcfiyYjDhn+04UtGpfVr
ka2I53IM1IEbeqsx75xfziSMGj1pmejNkabAyuuwkQYLwwkGdcj0tftARAqrHv9/
GiO7f5oWm6zeUkMCMUaYKk0WFhhB7GbLfQx9co/LIODLqils7Umyhq29Ng6bbdFJ
XpWQRaI9aDVxQU59NQCylfybadjtdvD2LCpTSdgzjZnkVPbuvVxJpU3uI1hLuTVN
UtWYJjrzQz75UbFCBf+jvCDzculdomojF6/VL07BX9bdibwN8vJ2xcP8bjwvQSoH
DjrzydS7MYbIJDVgx051
=AoX7
-----END PGP SIGNATURE-----
--- End Message ---
