On Sat, 13 Nov 2010, Simon McVittie wrote:

# GNUTLS backend, zero timeout, fails
./debian/build-gnutls/src/curl -k https://apt-test.aviatis.com/apt-cacher/ftp.us.debian.org/debian/dists/squeeze/Release --cert ../test-client.apt-test.aviatis.com.crt --key ../test-client.apt-test.aviatis.com.key
curl: (28) SSL connection timeout

It turns out that the error in the "GNUTLS, zero timeout" test is the *second* occurrence of this error message in lib/gtls.c handshake() (the one marked as "g2" in my git branch referenced above). Curl_timeleft() returns 0, and Curl_socket_ready() also returns 0.

This turned out to be a minor bug in curl, yes, and I've fixed it upstream now. BUT, I'd like to stress that the timeout problem was just a false track and it simply made the error reporting a bit confused and now with my fix curl will instead say this:

$ ./src/curl -k https://apt-test.aviatis.com/apt-cacher/ftp.us.debian.org/debian/dists/squeeze/ -v
* About to connect() to apt-test.aviatis.com port 443 (#0)
*   Trying 204.145.147.227... connected
* Connected to apt-test.aviatis.com (204.145.147.227) port 443 (#0)
* found 141 certificates in /etc/ssl/certs/ca-certificates.crt
*        server certificate verification SKIPPED
*        common name: apt-test.aviatis.com (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #1
*        subject: C=US,ST=CA,O=apt-test.aviatis.com,CN=apt-test.aviatis.com
*        start date: Mon, 23 Aug 2010 04:23:41 GMT
*        expire date: Sun, 19 May 2013 04:23:41 GMT
*        issuer: C=US,ST=CA,O=apt-test.aviatis.com,CN=apt-test.aviatis.com
*        compression: NULL
*        cipher: AES-128-CBC
*        MAC: SHA1
GET /apt-cacher/ftp.us.debian.org/debian/dists/squeeze/ HTTP/1.1
User-Agent: curl/7.21.3-DEV (i686-pc-linux-gnu) libcurl/7.21.3-DEV GnuTLS/2.8.6 zlib/1.2.3.4 c-ares/1.7.4-DEV libidn/1.18 libssh2/1.2.6
Host: apt-test.aviatis.com
Accept: */*

* gnutls_handshake() failed: Decryption has failed.
* Closing connection #0
curl: (35) gnutls_handshake() failed: Decryption has failed.


... this should be compared with what curl says when instead built to use OpenSSL (the exact same code base, the current git version built with some extra debug):


$ ./src/curl -k https://apt-test.aviatis.com/apt-cacher/ftp.us.debian.org/debian/dists/squeeze/ -v
* About to connect() to apt-test.aviatis.com port 443 (#0)
*   Trying 204.145.147.227... connected
* Connected to apt-test.aviatis.com (204.145.147.227) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*        subject: C=US; ST=CA; O=apt-test.aviatis.com; CN=apt-test.aviatis.com
*        start date: 2010-08-23 04:23:41 GMT
*        expire date: 2013-05-19 04:23:41 GMT
*        common name: apt-test.aviatis.com (matched)
*        issuer: C=US; ST=CA; O=apt-test.aviatis.com; CN=apt-test.aviatis.com
* SSL certificate verify result: self signed certificate (18), continuing anyway.
GET /apt-cacher/ftp.us.debian.org/debian/dists/squeeze/ HTTP/1.1
User-Agent: curl/7.21.3-DEV (i686-pc-linux-gnu) libcurl/7.21.3-DEV OpenSSL/0.9.8o zlib/1.2.3.4 c-ares/1.7.4-DEV libidn/1.18 libssh2/1.2.8_DEV librtmp/2.2e
Host: apt-test.aviatis.com
Accept: */*

* SSLv3, TLS handshake, Hello request (0):
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS alert, Server hello (2):
* SSL read: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure, errno 0
* Closing connection #0
curl: (56) SSL read: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure, errno 0


... to me, it seems the remote server is a bit troublesome.


--

 / daniel.haxx.se
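An added illustration of the situation Simon describes, where Curl_timeleft() and Curl_socket_ready() both return 0 and the result is reported as an SSL connection timeout. This is not curl's code and not the upstream fix Daniel refers to; it assumes the convention that a "time left" of 0 means no timeout is configured while a negative value means the deadline has passed. The names timeleft_ms, socket_ready, handshake_wait_buggy and handshake_wait_fixed, and every input value, are constructed for this example. The buggy shape feeds the 0 sentinel straight into a 0 ms socket wait, reads the immediate 0 back as a timeout, and so masks whatever the peer would have sent; the fixed shape maps "no deadline" to an unbounded wait before the sentinel can be misread.

```c
#include <stdio.h>

/* Outcome of one wait inside a blocking handshake loop (constructed). */
typedef enum { HS_OK = 0, HS_TIMEDOUT = 1 } hs_result;

/* Hypothetical stand-in for Curl_timeleft(). Assumed convention:
 *   0   -> no deadline configured (NOT "expired")
 *   < 0 -> deadline already passed
 *   > 0 -> milliseconds left
 * deadline_ms == 0 means the caller never set a timeout. */
static long timeleft_ms(long now_ms, long deadline_ms) {
    if (deadline_ms == 0)
        return 0;
    long left = deadline_ms - now_ms;
    /* An exactly-expired deadline must not collide with the 0 sentinel. */
    return left == 0 ? -1 : left;
}

/* Hypothetical stand-in for Curl_socket_ready(): returns 1 if the socket
 * becomes readable within wait_ms, 0 if the wait elapses with nothing ready.
 * wait_ms < 0 means "block until ready". ready_after_ms is a constructed
 * input saying how long until the peer's next handshake record arrives. */
static int socket_ready(long wait_ms, long ready_after_ms) {
    if (wait_ms < 0)
        return 1;
    return ready_after_ms <= wait_ms ? 1 : 0;
}

/* Buggy shape: the 0 from timeleft_ms() is used directly as the wait, so a
 * connection with no timeout polls for 0 ms, gets 0 back, and is reported as
 * a timeout even though the peer would have answered 50 ms later. */
static hs_result handshake_wait_buggy(long now_ms, long deadline_ms,
                                      long ready_after_ms) {
    long left = timeleft_ms(now_ms, deadline_ms);
    if (left < 0)
        return HS_TIMEDOUT;
    int what = socket_ready(left, ready_after_ms);
    if (what == 0)
        return HS_TIMEDOUT;   /* ambiguous: was 'left' 0, or did we really wait? */
    return HS_OK;
}

/* Fixed shape: translate the "no deadline" sentinel into an unbounded wait
 * before it reaches the socket wait, so a 0 from socket_ready() can only
 * mean a genuinely elapsed timeout. */
static hs_result handshake_wait_fixed(long now_ms, long deadline_ms,
                                      long ready_after_ms) {
    long left = timeleft_ms(now_ms, deadline_ms);
    if (left < 0)
        return HS_TIMEDOUT;
    long wait = (left == 0) ? -1 : left;
    int what = socket_ready(wait, ready_after_ms);
    if (what == 0)
        return HS_TIMEDOUT;
    return HS_OK;
}

static const char *name(hs_result r) {
    return r == HS_OK ? "OK" : "SSL connection timeout";
}

int main(void) {
    /* Constructed scenario: no timeout set, peer record arrives in 50 ms. */
    printf("no deadline, buggy: %s\n", name(handshake_wait_buggy(1000, 0, 50)));
    printf("no deadline, fixed: %s\n", name(handshake_wait_fixed(1000, 0, 50)));
    /* 100 ms left, peer takes 500 ms: a real timeout in both shapes. */
    printf("real timeout, fixed: %s\n", name(handshake_wait_fixed(1000, 1100, 500)));
    return 0;
}
```

The practical lesson for the thread above is the one Daniel draws: once the sentinel is handled, the "timeout" disappears and the real reason the server drops the connection becomes visible.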



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org