cURL
Haxx ad
libcurl
Mailing Lists

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[ curl-Bugs-3395520 ] SSL23_GET_SERVER_HELLO when connecting to OpenSSL 1.0.0

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Sun, 21 Aug 2011 22:26:27 +0200

Bugs item #3395520, was opened at 2011-08-21 02:09
Message generated for change (Comment added) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3395520&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: https
Group: wrong behaviour
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Jan-E (jan-e)
Assigned to: Daniel Stenberg (bagder)
Summary: SSL23_GET_SERVER_HELLO when connecting to OpenSSL 1.0.0

Initial Comment:
Same behaviour as in the closed bug 3165773.

Additional info: fails when connectiing to https://www.domain.tld, but connects correctly to https://domain.tld

E:\utils>curl --version
curl 7.19.4 (i386-pc-win32) libcurl/7.19.4 OpenSSL/0.9.8j zlib/1.2.3 libidn/1.11 libssh2/1.0
Protocols: tftp ftp telnet dict ldap http file https ftps scp sftp
Features: IDN Largefile NTLM SSL SSPI libz

E:\utils>curl -k -I https://sessionportal.net/
HTTP/1.1 200 OK
Date: Sat, 20 Aug 2011 23:59:23 GMT
Server: Apache/2.2.19 (Win32) DAV/2 mod_fcgid/2.3.6 mod_ssl/2.2.19 OpenSSL/1.0.0d PHP/5.3.6
[snip]

E:\utils>curl -k -I https://www.sessionportal.net/
curl: (35) error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)

----------------------------------------------------------------------

>Comment By: Daniel Stenberg (bagder)
Date: 2011-08-21 22:26

Message:
I found a Linux system of mine that repeats this problem:

$ curl -V
curl 7.21.3 (i486-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4
libidn/1.18 libssh2/1.2.6

$ curl -k -I https://www.sessionportal.net/
curl: (35) error:14077458:SSL
routines:SSL23_GET_SERVER_HELLO:reason(1112)

Very strange...

----------------------------------------------------------------------

Comment By: Jan-E (jan-e)
Date: 2011-08-21 15:48

Message:
The 7.18.1 devel Mingw32 release works. The only difference with the
faulting 7.18.2 seems to be the OpenSSL client version: 0.9.8g versus
0.9.8h.

D:\zip\curl7181>curl -V
curl 7.18.1 (i386-pc-win32) libcurl/7.18.1 OpenSSL/0.9.8g zlib/1.2.3
libssh2/0.18
Protocols: tftp ftp telnet dict ldap http file https ftps scp sftp
Features: Largefile NTLM SSL SSPI libz

D:\zip\curl7181>curl -k -I https://www.sessionportal.net/
HTTP/1.1 200 OK
Date: Sun, 21 Aug 2011 13:43:44 GMT
Server: Apache/2.2.19 (Win32) DAV/2 mod_fcgid/2.3.6 mod_ssl/2.2.19
OpenSSL/1.0.0d PHP/5.3.6

----------------------------------------------------------------------

Comment By: Jan-E (jan-e)
Date: 2011-08-21 15:37

Message:
I could not reproduce it either on Linux / FreeBSD / Centos. But I did not
have a client with OpenSSL/0.9.8h or greater on one of those systems. It
looks like 0.9.8 from the 'h' release on might be the problem. I downloaded
the 7.18.0 and 7.18.2 devel Ming32 releases of Curl. The 0.9.8h had the
problem, the 0.9.8g not.

In the closed bug 0.9.8k was the client OpenSSL (also on Linux)
https://sourceforge.net/tracker/index.php?func=detail&aid=3165773&group_id=976&atid=100976

D:\zip\curl7182>curl -V
curl 7.18.2 (i386-pc-win32) libcurl/7.18.2 OpenSSL/0.9.8h zlib/1.2.3
libssh2/0.18
Protocols: tftp ftp telnet dict ldap http file https ftps scp sftp
Features: Largefile NTLM SSL SSPI libz

D:\zip\curl7182>curl -k -I https://www.sessionportal.net/
curl: (35) error:14077458:SSL
routines:SSL23_GET_SERVER_HELLO:reason(1112)

D:\zip\curl7182>cd ..\curl718

D:\zip\curl718>curl -V
curl 7.18.0 (i386-pc-win32) libcurl/7.18.0 OpenSSL/0.9.8g zlib/1.2.3
libssh2/0.1
7
Protocols: tftp ftp telnet dict ldap http file https ftps scp sftp
Features: Largefile NTLM SSL SSPI libz

D:\zip\curl718>curl -k -I https://www.sessionportal.net/
HTTP/1.1 200 OK
Date: Sun, 21 Aug 2011 13:24:14 GMT
Server: Apache/2.2.19 (Win32) DAV/2 mod_fcgid/2.3.6 mod_ssl/2.2.19
OpenSSL/1.0.0
d PHP/5.3.6

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2011-08-21 14:13

Message:
Still, I can't reproduce this. (I don't have or use windows.) This needs to
be debugged and researched further by someone who can reproduce it.

To me it looks much more like an OpenSSL on Windows problem rather than a
curl problem...

----------------------------------------------------------------------

Comment By: Jan-E (jan-e)
Date: 2011-08-21 13:46

Message:
Same effect with the 7.21.7 build
http://www.gknw.de/mirror/curl/win32/curl-7.21.7-ssh2-ssl-sspi-zlib-idn-static-bin-w32.7z
dated 28-Jun-2011 02:00

D:\zip\curl7217>curl --version
curl 7.21.7 (i386-pc-win32) libcurl/7.21.7 OpenSSL/0.9.8r zlib/1.2.5
libidn/1.18 libssh2/1.2.8
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s
rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN Largefile NTLM SSL SSPI libz

D:\zip\curl7217>curl -k -I https://www.sessionportal.net/
curl: (35) error:14077458:SSL
routines:SSL23_GET_SERVER_HELLO:reason(1112)

----------------------------------------------------------------------

Comment By: Jan-E (jan-e)
Date: 2011-08-21 13:38

Message:
Downloaded another win32 build from
http://www.gknw.de/mirror/curl/win32/old_releases/curl-7.21.1-ssh2-ssl-sspi-zlib-idn-static-bin-w32.7z

Same effect:
D:\zip\curl721>curl --version
curl 7.21.1 (i386-pc-win32) libcurl/7.21.1 OpenSSL/0.9.8o zlib/1.2.5
libidn/1.18 libssh2/1.2.7
Protocols: dict file ftp ftps http https imap imaps ldap pop3 pop3s rtsp
scp sftp smtp smtps telnet tftp
Features: AsynchDNS IDN Largefile NTLM SSL SSPI libz

D:\zip\curl721>curl -k -I https://sessionportal.net/
HTTP/1.1 200 OK
Date: Sun, 21 Aug 2011 11:34:32 GMT
Server: Apache/2.2.19 (Win32) DAV/2 mod_fcgid/2.3.6 mod_ssl/2.2.19
OpenSSL/1.0.0d PHP/5.3.6
[snip]

D:\zip\curl721>curl -k -I https://www.sessionportal.net/
curl: (35) error:14077458:SSL
routines:SSL23_GET_SERVER_HELLO:reason(1112)

----------------------------------------------------------------------

Comment By: Jan-E (jan-e)
Date: 2011-08-21 13:13

Message:
I copied the subject from this closed bug:
https://sourceforge.net/tracker/index.php?func=detail&aid=3165773&group_id=976&atid=100976

The Apache server is running OpenSSL/1.0.0d, the client uses
OpenSSL/0.9.8j. I do not know if this causes the odd behaviour.

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2011-08-21 12:02

Message:
Your summary says you connect TO openssl 1.0.0, how can you tell? Did you
mean connecting WITH openssl 1.0.0?

I think there's more to it than "just" that version though:

$ curl -V
curl 7.21.7 (i486-pc-linux-gnu) libcurl/7.21.7 OpenSSL/1.0.0d zlib/1.2.3.4
libidn/1.22 libssh2/1.2.8 librtmp/2.3

$ curl -k -I https://www.sessionportal.net/
HTTP/1.1 200 OK
Date: Sun, 21 Aug 2011 10:00:38 GMT

(and it also works fine with my 7.22.0-dev version using the same OpenSSL
version)

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3395520&group_id=976
Received on 2011-08-21

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET