curl-library

Re: cert verification problem on curl handle re-use

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 21 Jan 2013 11:40:41 +0100 (CET)

On Sun, 20 Jan 2013, Mischa Salle wrote:

> I wonder if this has to do with the re-use of the existing connection. I
> have seen it fail for SLC5.8, CentOS5.6 and CentOS 5.9. From the code it's
> not clear to me why the connection is being reused.

Are you still referring to the ancient 7.15.5 version from the original report
or are you suggesting you see something wrong in a modern version?

This said, I can't recall any (such) bugs in the connection re-use logic in a
very long time.

> * Re-using existing connection! (#0) with host www.nikhef.nl
> * Connected to www.nikhef.nl (192.16.199.166) port 443 (#0)
> So it re-uses the existing connection, while the CentOS based machine
> starts the second time with:

...

> * Connection #0 to host www.nikhef.nl left intact
> * About to connect() to www.nikhef.nl port 443
> * Trying 192.16.199.166... * connected
> * Connected to www.nikhef.nl (192.16.199.166) port 443
> * SSL certificate problem, verify that the CA cert is OK. Details:

And this is the exact same resource you're getting?

> So no NOT reusing the connection, although it is kept open... For plain
> HTTP, the CentOS is also re-using the connection instead of opening a new
> one.

It does show separate handling of when the connection can be re-used, yes. It
does not really explain why it suddenly has a problem with the (ca) cert. It
could possibly even be a problem with OpenSSL for all we know, as I figure you
have an outdated such version as well...

-- 
  / daniel.haxx.se
Received on 2013-01-21