curl / Mailing Lists / curl-library / Single Mail

curl-library

Regarding Error - OpenSSL SSL_connect: SSL_ERROR_SYSCALL

From: Rahul Sabnis via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 31 Aug 2017 12:26:59 +0530

Hello,

I have built CURL (Version: 7.54.0) with SSL.

Below is configure command:
*./configure --prefix=$(INSTALL_DIR) --enable-http --with-ssl=<OpenSSL
Install Dir> --enable-cookies --enable-shared=yes --enable-static=no
--without-zlib --disable-gssapi --disable-ldap --disable-ldaps
--disable-unix-sockets --disable-rtsp*

The built library does not show any dependency on libssl/libcrypto
*>ldd libcurl.so.4*
*libcurl.so.4 needs:*
* /usr/lib/libc.a(shr_64.o)*
* /unix*
* /usr/lib/libcrypt.a(shr_64.o)*

When I use this library in my application, I see below error:
*OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 10.193.70.82:443
<http://10.193.70.82:443>*

Curl response code for above error is *CURLE_SSL_CONNECT_ERROR (35)*

Below is the curl debug log for HTTP & HTTPS:
----------------------------------------------------------------------------------------------------------------------------------------------
** Trying 10.193.70.83...*
** TCP_NODELAY set*
** Connected to 10.193.70.83 (10.193.70.83) port 443 (#0)*
** Cipher selection:
ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH*
** OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 10.193.70.83:443
<http://10.193.70.83:443>*
** Closing connection 0*

** Trying 10.193.70.82...*
** TCP_NODELAY set*
** Connected to 10.193.70.82 (10.193.70.82) port 443 (#0)*
** Cipher selection:
ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH*
** successfully set certificate verify locations:*
** CAfile: /home/rahul/tcpdump/ExportedCertificate_7_14_2017.pem*
* CApath: none*
** OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 10.193.70.82:443
<http://10.193.70.82:443>*
** Closing connection 0*
----------------------------------------------------------------------------------------------------------------------------------------------

Same works fine on Linux & Solaris, for both HTTP as well as HTTPS.

Questions which I have are
1. Am I missing anything here ?

2. Is the library correctly linked with OpenSSL ?
    When I use the libcurl compiled without SSL (option --without-ssl) and
try to use HTTPS, I get below error:
    *Protocol "https" not supported or disabled in libcurl*

    Looking at the above error I am assuming right now that libcurl is
linked to OpenSSL. Is that correct ?

3. Is any system configuration causing this problem ?
    I tried this on two systems with same error.

Below is the related code snippet:
------------------------------------------------------------------------------------
*curl = curl_easy_init();*

*curl_easy_setopt(curl, CURLOPT_HTTPHEADER, list);*
*curl_easy_setopt(curl, CURLOPT_URL, url);*
*....*
*....*

*// HTTPS*
*if ( secure ) {*
* curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L);*

* if ( server_certificate_validate ) {*
* curl_easy_setopt(curl, CURLOPT_CAINFO,
server_certificate_path);*
* curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);*
* } else*
* curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);*

* curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);*
*}*

**curl_response_code = curl_easy_perform(curl);*
------------------------------------------------------------------------------------

Thanks,
Rahul.

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-08-31