[SOLVED in 7.56.0] curl 7.54.0 does not work on https, 7.53 does.

kokoko3k · 2017-05-30 10:47:48

-EDIT-
It seems a problem specific to my network; curl 7.54.0 does work if i use a socks server in a ssh tunnel, but it fails if i use a socks server over an unencrypted channel.
That lead me think that some device on the network is interfering with curl.
Since i've no access to the network internals, my new question is: why old curl does work and the new does not?
--
-EDIT-
So, it seems that is not curl itself, but the openssl lib it is linked against.
i downloaded the latest curl PKGBUID, added: export PKG_CONFIG_PATH=/usr/lib/openssl-1.0/pkgconfig before ./configure and made the package.
now curl works ok by using openssl-1.0 libraries.

I mark this as solved, but infact it is not, because something on this network is doing bad things.

---------

Since today, i discovered that curl is unable to connect to https sites.
Here is what happens:

koko@Gozer# curl -v https://bbs.archlinux.org
* Rebuilt URL to: https://bbs.archlinux.org/
*   Trying 5.9.250.164...
* TCP_NODELAY set
* Connected to bbs.archlinux.org (5.9.250.164) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to bbs.archlinux.org:443 
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to bbs.archlinux.org:443

Plain http works as expected, wget works as expected in https too.
System is now fully upgraded (through wget) apart from kernel (running 4.8.13).

time is set correctly:

koko@Gozer# sudo ntpdate ntp1.inrim.it
30 May 12:47:38 ntpdate[5566]: adjust time server 193.204.114.232 offset -0.020182 sec

-EDIT-
I tried to do the very same thing by connecting with an outdated arch and it works.

Any advice please?

Last edited by kokoko3k (2017-10-19 12:17:09)

Trilby · 2017-05-30 11:31:59

No problem here, how about the following diagnostics:

pacman -Q curl
which curl
ldd /usr/bin/curl

Also, do you get the same output while ignoring any configs:

curl -q -v https://bbs.archlinux.org

Last edited by Trilby (2017-05-30 11:35:35)

kokoko3k · 2017-05-30 11:33:44

Thanks, but all seems fine:

 koko@Gozer# pacman -Q curl
curl 7.54.0-3

[13:32:50]  cd ~
koko@Gozer# which curl
/usr/bin/curl

[13:32:50]  cd ~
koko@Gozer# ldd /usr/bin/curl
        linux-vdso.so.1 (0x00007fffb6fa7000)
        libcurl.so.4 => /usr/lib/libcurl.so.4 (0x00007f82deb97000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00007f82de980000)
        libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007f82de762000)
        libc.so.6 => /usr/lib/libc.so.6 (0x00007f82de3bd000)
        libnghttp2.so.14 => /usr/lib/libnghttp2.so.14 (0x00007f82de196000)
        libssh2.so.1 => /usr/lib/libssh2.so.1 (0x00007f82ddf68000)
        libpsl.so.5 => /usr/lib/libpsl.so.5 (0x00007f82ddd5a000)
        libssl.so.1.1 => /usr/lib/libssl.so.1.1 (0x00007f82ddaef000)
        libcrypto.so.1.1 => /usr/lib/libcrypto.so.1.1 (0x00007f82dd674000)
        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00007f82dd427000)
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00007f82dd13f000)
        libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00007f82dcf0b000)
        libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x00007f82dcd07000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f82dee16000)
        libicuuc.so.59 => /usr/lib/libicuuc.so.59 (0x00007f82dc956000)
        libdl.so.2 => /usr/lib/libdl.so.2 (0x00007f82dc752000)
        libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x00007f82dc545000)
        libkeyutils.so.1 => /usr/lib/libkeyutils.so.1 (0x00007f82dc341000)
        libresolv.so.2 => /usr/lib/libresolv.so.2 (0x00007f82dc12b000)
        libicudata.so.59 => /usr/lib/libicudata.so.59 (0x00007f82da618000)
        libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f82da28f000)
        libm.so.6 => /usr/lib/libm.so.6 (0x00007f82d9f7d000)
        libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x00007f82d9d66000)

-EDIT-
An old (1 year or more) systemd container seems to work fine too.
Tried to replace /etc/ssl/certs/ca-certificates.crt with an old one to no avail.
I'll keep searching.

-EDIT-

root@Gozer# curl -q -v https://bbs.archlinux.org
* Rebuilt URL to: https://bbs.archlinux.org/
*   Trying 5.9.250.164...
* TCP_NODELAY set
* Connected to bbs.archlinux.org (5.9.250.164) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to bbs.archlinux.org:443 
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to bbs.archlinux.org:443

Last edited by kokoko3k (2017-05-30 11:43:29)

kokoko3k · 2017-05-30 11:56:33

Sorry to not editing the previous post, but this one seems important to me.
I manually extracted the old curl package (7.53.1-1), set LD_PRELOAD to it and tried it, and it works:

LD_PRELOAD=/home/koko/tmp/curl/usr/lib/libcurl.so.4.4.0  /home/koko/tmp/curl/usr/bin/curl https://www.google.it
(HTTP DATA)

koko@Gozer# LD_PRELOAD=/home/koko/tmp/curl/usr/lib/libcurl.so.4.4.0  ldd /usr/bin/curl
        linux-vdso.so.1 (0x00007fff42f6d000)
        /home/koko/tmp/curl/usr/lib/libcurl.so.4.4.0 (0x00007fe0e6bda000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00007fe0e69c3000)
        libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007fe0e67a5000)
        libc.so.6 => /usr/lib/libc.so.6 (0x00007fe0e6400000)
        libssh2.so.1 => /usr/lib/libssh2.so.1 (0x00007fe0e61d2000)
        libpsl.so.5 => /usr/lib/libpsl.so.5 (0x00007fe0e5fc4000)
        libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007fe0e5d57000)
        libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00007fe0e58e2000)
        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00007fe0e5695000)
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00007fe0e53ad000)
        libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00007fe0e5179000)
        libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x00007fe0e4f75000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fe0e6e53000)
        libssl.so.1.1 => /usr/lib/libssl.so.1.1 (0x00007fe0e4d0a000)
        libcrypto.so.1.1 => /usr/lib/libcrypto.so.1.1 (0x00007fe0e488f000)
        libicuuc.so.59 => /usr/lib/libicuuc.so.59 (0x00007fe0e44de000)
        libdl.so.2 => /usr/lib/libdl.so.2 (0x00007fe0e42da000)
        libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x00007fe0e40cd000)
        libkeyutils.so.1 => /usr/lib/libkeyutils.so.1 (0x00007fe0e3ec9000)
        libresolv.so.2 => /usr/lib/libresolv.so.2 (0x00007fe0e3cb3000)
        libicudata.so.59 => /usr/lib/libicudata.so.59 (0x00007fe0e21a0000)
        libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007fe0e1e17000)
        libm.so.6 => /usr/lib/libm.so.6 (0x00007fe0e1b05000)
        libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x00007fe0e18ee000)

Since old curl with new libcurl library does not work as well:

koko@Gozer# /home/koko/tmp/curl/usr/bin/curl https://www.google.it
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.google.it:443

...it Seems that is libcurl itself causing me troubles

-EDIT-

Still something i can't understand is going on.
curl 7.53.1-1 OK
curl 7.54.0-3 NOT OK
In my pacman log i see:

[2017-05-10 16:37] [ALPM] upgraded curl (7.54.0-2 -> 7.54.0-3)

Now, since i use pacman via curl itself to upgrade packages, i may think that curl 7.54.0-2 should work, right?
Well it does not!

# cd ~/tmp/curl
# cp /var/cache/pacman/pkg/curl-7.54.0-2-x86_64.pkg.tar.xz ./
# tar -xvf curl-7.54.0-2-x86_64.pkg.tar.xz >/dev/null
# LD_LIBRARY_PATH=/home/koko/tmp/curl/usr/lib/ ./usr/bin/curl https://www.google.it
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.google.it:443

I'm really puzzled.

-EDIT-
Seems old curl works because i've openssl-1.0 installed, so my problem may be openssl related (?)

-EDIT-
So i toke that systemd container and updated it, and guess what? same thing happened.

Last edited by kokoko3k (2017-05-30 13:12:10)

kokoko3k · 2017-10-19 12:16:19

" "Fixed" " upstream in the latest curl by the following:
https://github.com/curl/curl/commit/ea1 … 389a6510ac

My network admin has been very lucky, and i lost the chance to tell him "I TOLD YOU!"
Damn.

Last edited by kokoko3k (2017-10-19 12:16:31)

Arch Linux

#1 2017-05-30 10:47:48

[SOLVED in 7.56.0] curl 7.54.0 does not work on https, 7.53 does.

#2 2017-05-30 11:31:59

Re: [SOLVED in 7.56.0] curl 7.54.0 does not work on https, 7.53 does.

#3 2017-05-30 11:33:44

Re: [SOLVED in 7.56.0] curl 7.54.0 does not work on https, 7.53 does.

#4 2017-05-30 11:56:33

Re: [SOLVED in 7.56.0] curl 7.54.0 does not work on https, 7.53 does.

#5 2017-10-19 12:16:19

Re: [SOLVED in 7.56.0] curl 7.54.0 does not work on https, 7.53 does.

Board footer