cURL
Haxx ad
libcurl

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[ curl-Bugs-3578418 ] [PATCH] '--tlsauthtype srp' fails to send client username

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Tue, 23 Oct 2012 14:14:24 -0700

Bugs item #3578418, was opened at 2012-10-19 11:07
Message generated for change (Comment added) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3578418&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: SSL/TLS
Group: wrong behaviour
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Jeff Connelly (jeffconnelly)
Assigned to: Daniel Stenberg (bagder)
Summary: [PATCH] '--tlsauthtype srp' fails to send client username

Initial Comment:
The --tlsauthtype command-line option will attempt to use TLS-SRP but fail to send the username in the Client Hello message if specified as 'srp' (instead of 'SRP').

This causes the handshake to always fail with: curl: (35) error:1407745B:SSL routines:SSL23_GET_SERVER_HELLO:reason(1115)) (the "Unknown PSK Identity" alert):

/usr/local/bin/curl -ik -vvv --tlsuser alice --tlspassword password123 https://localhost:8443/ --tlsauthtype SRP # works
/usr/local/bin/curl -ik -vvv --tlsuser alice --tlspassword password123 https://localhost:8443/ --tlsauthtype foo # fails with invalid --tlsauthtype, as expected
/usr/local/bin/curl -ik -vvv --tlsuser alice --tlspassword password123 https://localhost:8443/ --tlsauthtype srp # fails with reason(1115) - not expected

--tlsauthtype srp is missing:
TLS client extension "SRP" (id=12), len=6
0000 - 05 61 6c 69 63 65 .alice

This is caused by src/tool_getparam.c doing a case-insensitive comparison using strequal() but lib/url.c using the case-sensitive strncmp().

Patch attached to change lib/url.c to the case-insensitive strnequal() to fix this. Tested on curl 7.28.0 with OpenSSL 1.0.1c.

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2012-10-23 14:14

Message:
Thanks for the report, this problem is now fixed in the git repository.

To try it out, you either checkout/update your git clone:
http://curl.haxx.se/source.html

or you try tomorrow's daily snapshot: http://curl.haxx.se/snapshots/

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3578418&group_id=976
Received on 2012-10-23

These mail archives are generated by hypermail.

donate! Page updated January 05, 2012.
web site info

File upload with ASP.NET