Menu

#727 Fails with ASN1 parser: Element was not found after cleanup

closed-fixed
SSL/TLS (37)
5
2014-10-04
2008-02-08
Mike Hommey
No

When using the gnutls ssl layer, cleaning-up and reinitializing curl ends up with https requests failing with "ASN1 parser: Element was not found" errors.

The following code exposes the problem:
#include <curl/curl.h>
#include <curl/easy.h>

int main(void) {
CURL *easy = curl_easy_init();
curl_easy_setopt(easy, CURLOPT_VERBOSE, 1);
curl_easy_setopt(easy, CURLOPT_URL, "https://www.verisign.com/");
curl_easy_perform(easy);
curl_global_cleanup();
easy = curl_easy_init();
curl_easy_setopt(easy, CURLOPT_VERBOSE, 1);
curl_easy_setopt(easy, CURLOPT_URL, "https://www.verisign.com/");
curl_easy_perform(easy);
}

This works properly with openssl backend, and with the gnutls backend until version 7.16.3, according to CVS tags.

The bug was introduced in this commit:
http://cool.haxx.se/cvs.cgi/curl/lib/gtls.c.diff?r1=1.26&r2=1.27
Note how gtls_inited is not set back to FALSE in cleanup.

The following patch fixes the issue:
--- curl-7.18.0.orig/lib/gtls.c
+++ curl-7.18.0/lib/gtls.c
@@ -110,8 +110,10 @@

int Curl_gtls_cleanup(void)
{
- if(gtls_inited)
+ if(gtls_inited) {
gnutls_global_deinit();
+ gtls_inited = FALSE;
+ }
return 1;
}

Discussion

  • Daniel Stenberg

    Daniel Stenberg - 2008-02-08

    Logged In: YES
    user_id=1110
    Originator: NO

    I can only agree with the analysis, acknowledge the fix, commit it and thank you a lot for the fine report and fix.

    Thanks! Fixed! Closed!

     
  • Daniel Stenberg

    Daniel Stenberg - 2008-02-08
    • status: open --> closed-fixed