curl-and-php

Unable to get cURL/https + mod_chroot to work

From: hanji <hanji_at_uno-code.com>
Date: Wed, 25 Apr 2007 08:56:46 -0600

Hello All

I'm new to the list. I'm running into a problem that I'm hoping that
someone will be able to help out. It's related to cURL and https while
in mod_chroot jail.

I've seen an older thread mentioning this (solution does not work for
me):
http://curl.haxx.se/mail/curlphp-2005-10/0020.html

I've verified that I have /dev/null and /dev/urandom in the jail. I
also verified that I have the /usr/share/curl/curl-ca-bundle.crt in the
jail as well. I also copied over the libcrypto.so.0.9.8 and
libssl.so.0.9.8 to the jail's /usr/lib directory. All tests were
performed after apache restarts to ensure that libs were loaded, etc.

My server is a Gentoo-based web server with the following packages
installed (just relating to the test):
kernel: 2.6.18-hardened-r6
www-apache/mod_chroot-0.4
net-www/apache-2.0.58-r2
dev-lang/php-4.4.6
net-misc/curl-7.15.1-r1

When I execute the following curl test script (URLs and IPs have been
altered for this mailing list) the script will 'hang' forever without
completing. If I remove mod_chroot, then everything works as expected.

<?php
// Test script: fetch an HTTPS URL with peer verification enabled.
$hostURL = "https://secure.test.com/";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $hostURL);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('User-Agent: test/a.b.c'));
// Verify the server certificate against the CA bundle inside the jail.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($ch, CURLOPT_CAINFO, "/usr/share/curl/curl-ca-bundle.crt");
// No timeout option is set, so a stalled transfer never returns.
$result = curl_exec($ch);
curl_close($ch);
unset($ch);
echo $result;
?>

I also tried testing with SSL_VERIFYPEER at 0 and VERIFYHOST at 2 as
mentioned in cURL/mod_chroot thread.

I ran strace during this test.. and it appears that everything is
working fine, then it goes to perpetual waitpid since I don't have
timeout opt set. Any ideas on where to start looking?

Thanks in advance!
hanji

OUTPUT of strace:

14800 connect(35, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("66.219.xxx.xxx")}, 28) = 0
14800 fcntl64(35, F_GETFL) = 0x2 (flags O_RDWR)
14800 fcntl64(35, F_SETFL, O_RDWR|O_NONBLOCK) = 0
14800 gettimeofday({1177440681, 741919}, NULL) = 0
14800 poll([{fd=35, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
14800 send(35, "\227\261\1\0\0\1\0\0\0\0\0\0\6secure\ftest"..., 41, MSG_NOSIGNAL) = 41
14800 poll([{fd=35, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
14800 ioctl(35, FIONREAD, [133]) = 0
14800 recvfrom(35, "\227\261\201\200\0\1\0\1\0\2\0\2\6secure\ftest"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("66.219.xxx.xxx")}, [16]) = 133
14800 close(35) = 0
14800 time(NULL) = 1177440681
14800 gettimeofday({1177440681, 744982}, NULL) = 0
14800 gettimeofday({1177440681, 745021}, NULL) = 0
14800 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 35
14800 futex(0xb7bdfa38, FUTEX_WAKE, 2147483647) = 0
14800 fcntl64(35, F_GETFL) = 0x2 (flags O_RDWR)
14800 fcntl64(35, F_SETFL, O_RDWR|O_NONBLOCK) = 0
14800 connect(35, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("66.219.xxx.xxx")}, 16) = -1 EINPROGRESS (Operation now in progress)
14800 poll([{fd=35, events=POLLOUT, revents=POLLOUT}], 1, 300000) = 1
14800 getsockopt(35, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
14800 gettimeofday({1177440681, 745726}, NULL) = 0
14800 gettimeofday({1177440681, 745763}, NULL) = 0
14800 stat64("/dev/urandom", {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 8), ...}) = 0
14800 open("/dev/urandom", O_RDONLY) = 36
14800 read(36, "\330K\17\266\236s\20\246", 1024) = 8
14800 read(36, <unfinished ...>
13230 <... select resumed> ) = 0 (Timeout)
13230 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7ab86f8) = 23583
13230 waitpid(-1, <unfinished ...>
23583 rt_sigaction(SIGHUP, {0x8067f60, [], SA_INTERRUPT}, <unfinished ...>
13230 <... waitpid resumed> 0xbf9f96d8, WNOHANG|WSTOPPED) = 0
23583 <... rt_sigaction resumed> {0x8067b30, [HUP USR1], 0}, 8) = 0
13230 select(0, NULL, NULL, NULL, {1, 0} <unfinished ...>
23583 rt_sigaction(SIGTERM, {0x8067f60, [], SA_INTERRUPT}, {0x8067b10, [], 0}, 8) = 0
23583 rt_sigaction(SIGUSR1, {SIG_IGN}, {0x8067b30, [HUP USR1], 0}, 8) = 0
23583 geteuid32() = 0
23583 setgid32(81) = 0
23583 open("/proc/sys/kernel/ngroups_max", O_RDONLY) = -1 ENOENT (No such file or directory)
23583 open("/etc/group", O_RDONLY) = 34
23583 fcntl64(34, F_GETFD) = 0
23583 fcntl64(34, F_SETFD, FD_CLOEXEC) = 0
23583 _llseek(34, 0, [0], SEEK_CUR) = 0
23583 fstat64(34, {st_mode=S_IFREG|0644, st_size=13, ...}) = 0
23583 mmap2(NULL, 13, PROT_READ, MAP_SHARED, 34, 0) = 0xb6f2d000
23583 _llseek(34, 13, [13], SEEK_SET) = 0
23583 fstat64(34, {st_mode=S_IFREG|0644, st_size=13, ...}) = 0
23583 munmap(0xb6f2d000, 13) = 0
23583 close(34) = 0
23583 setgroups32(1, [81]) = 0
23583 geteuid32() = 0
23583 setuid32(81) = 0
23583 time(NULL) = 1177440681
23583 semop(2457603, 0xb7c91c0c, 1 <unfinished ...>
13230 <... select resumed> ) = 0 (Timeout)
13230 waitpid(-1, 0xbf9f96d8, WNOHANG|WSTOPPED) = 0
13230 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout)
13230 waitpid(-1, 0xbf9f96d8, WNOHANG|WSTOPPED) = 0
13230 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout)
13230 waitpid(-1, 0xbf9f96d8, WNOHANG|WSTOPPED) = 0
13230 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout)
13230 waitpid(-1, 0xbf9f96d8, WNOHANG|WSTOPPED) = 0
13230 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout)
13230 waitpid(-1, 0xbf9f96d8, WNOHANG|WSTOPPED) = 0
13230 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout)
13230 waitpid(-1, 0xbf9f96d8, WNOHANG|WSTOPPED) = 0
13230 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout)
13230 waitpid(-1, 0xbf9f96d8, WNOHANG|WSTOPPED) = 0
13230 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout)
13230 waitpid(-1, 0xbf9f96d8, WNOHANG|WSTOPPED) = 0
13230 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout)
13230 waitpid(-1, 0xbf9f96d8, WNOHANG|WSTOPPED) = 0
13230 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout)
Received on 2007-04-25
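
Added example, not part of the original message: in the trace above, stat64 reports st_rdev=makedev(1, 8) for the jail's /dev/urandom, and on Linux 1:8 is the number of the blocking /dev/random while /dev/urandom is 1:9, which is consistent with the second read(36, ...) never finishing. The script below checks that device nodes inside a chroot jail carry the numbers their names imply. It assumes GNU stat and a jail root supplied by the caller; the function names are hypothetical.

```shell
#!/bin/sh
# Expected Linux character-device numbers (major:minor) for common jail nodes.
expected_rdev() {
    case "$1" in
        null)    echo "1:3" ;;
        zero)    echo "1:5" ;;
        random)  echo "1:8" ;;
        urandom) echo "1:9" ;;
        *)       return 1 ;;
    esac
}

# Compare a node name with the numbers found on it; returns 0 only on a match.
classify_node() {   # usage: classify_node NAME MAJOR:MINOR
    want=$(expected_rdev "$1") || { echo "$1: unknown device name"; return 2; }
    if [ "$2" = "$want" ]; then
        echo "$1: ok ($2)"
        return 0
    fi
    # Name the known device that the numbers really belong to, if any.
    for other in null zero random urandom; do
        if [ "$(expected_rdev "$other")" = "$2" ]; then
            echo "$1: MISMATCH, node is $2 which is /dev/$other (want $want)"
            return 1
        fi
    done
    echo "$1: MISMATCH, node is $2 (want $want)"
    return 1
}

# Stat each node under JAIL_ROOT/dev and classify it.
check_jail() {   # usage: check_jail JAIL_ROOT [names...]
    root=$1; shift
    [ $# -gt 0 ] || set -- null urandom
    rc=0
    for name in "$@"; do
        node="$root/dev/$name"
        if [ ! -c "$node" ]; then
            echo "$name: $node missing or not a character device"; rc=1; continue
        fi
        # GNU stat prints major (%t) and minor (%T) in hex; convert to decimal.
        found=$(printf '%d:%d' "0x$(stat -c %t "$node")" "0x$(stat -c %T "$node")")
        classify_node "$name" "$found" || rc=1
    done
    return $rc
}

# Numbers taken from the stat64 line in the trace above.
classify_node urandom 1:8 || true
```

Run `check_jail` with the jail's root directory as its argument to inspect the real nodes; a mismatched node is normally fixed by recreating it with mknod using the expected numbers.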