curl-tracker Archives

[curl:bugs] #1481 Erroneous debug text when paired with OpenSSL 1.0.2

From: Ashish SHUKLA <wahjava_at_users.sf.net>
Date: Sun, 05 Apr 2015 03:32:14 +0000

Able to reproduce it on FreeBSD 10.1-RELEASE (amd64) with curl-7.41.0, and openssl-1.0.2:

    λ curl -svv -o /dev/null 'https://www.freebsd.org/'
    * Trying 8.8.178.110...
    * Trying 2001:1900:2254:206a::50:0...
    * Connected to www.freebsd.org (8.8.178.110) port 443 (#0)
    * successfully set certificate verify locations:
    * CAfile: /usr/local/share/certs/ca-root-nss.crt
      CApath: none
    * TLSv1.2, TLS Unknown, Unknown (22):
    } [5 bytes data]
    * TLSv1.2, TLS handshake, Client hello (1):
    } [512 bytes data]
    * SSLv2, Unknown (22):
    { [5 bytes data]
    * TLSv1.2, TLS handshake, Server hello (2):
    { [98 bytes data]
    * SSLv2, Unknown (22):
    { [5 bytes data]
    * TLSv1.2, TLS handshake, CERT (11):
    { [4469 bytes data]
    * SSLv2, Unknown (22):
    { [5 bytes data]
    * TLSv1.2, TLS handshake, Server key exchange (12):
    { [589 bytes data]
    * SSLv2, Unknown (22):
    { [5 bytes data]
    * TLSv1.2, TLS handshake, Server finished (14):
    { [4 bytes data]
    * SSLv2, Unknown (22):
    } [5 bytes data]
    * TLSv1.2, TLS handshake, Client key exchange (16):
    } [70 bytes data]
    * SSLv2, Unknown (20):
    } [5 bytes data]
    * TLSv1.2, TLS change cipher, Client hello (1):
    } [1 bytes data]
    * SSLv2, Unknown (22):
    } [5 bytes data]
    * TLSv1.2, TLS handshake, Finished (20):
    } [16 bytes data]
    * SSLv2, Unknown (20):
    { [5 bytes data]
    * TLSv1.2, TLS change cipher, Client hello (1):
    { [1 bytes data]
    * SSLv2, Unknown (22):
    { [5 bytes data]
    * TLSv1.2, TLS handshake, Finished (20):
    { [16 bytes data]
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
    * Server certificate:
    * subject: OU=Domain Control Validated; OU=Gandi Standard Wildcard SSL; CN=*.freebsd.org
    * start date: 2014-11-18 00:00:00 GMT
    * expire date: 2015-11-18 23:59:59 GMT
    * subjectAltName: www.freebsd.org matched
    * issuer: C=FR; ST=Paris; L=Paris; O=Gandi; CN=Gandi Standard SSL CA 2
    * SSL certificate verify ok.
    * SSLv2, Unknown (23):
    } [5 bytes data]
    > GET / HTTP/1.1
    > User-Agent: curl/7.41.0
    > Host: www.freebsd.org
    > Accept: */*
    >
    * SSLv2, Unknown (23):
    { [5 bytes data]
    < HTTP/1.1 200 OK
    < Date: Sun, 05 Apr 2015 03:22:12 GMT
    < Content-Type: text/html
    < Transfer-Encoding: chunked
    < Connection: keep-alive
    < Last-Modified: Sun, 05 Apr 2015 03:10:15 GMT
    < ETag: "5520a797-6f25"
    < Server: ToTheCloud/v0.01
    < X-Varnish: 1938974843 1938974183
    < Age: 25
    < Via: 1.1 wfe0.ysv.FreeBSD.org
    < X-Cache: HIT
    < Strict-Transport-Security: max-age=31536000; includeSubdomains
    <
    { [3820 bytes data]
    * SSLv2, Unknown (23):
    { [5 bytes data]
    * SSLv2, Unknown (23):
    { [5 bytes data]
    * SSLv2, Unknown (23):
    { [5 bytes data]
    * SSLv2, Unknown (23):
    { [5 bytes data]
    * SSLv2, Unknown (23):
    { [5 bytes data]
    * SSLv2, Unknown (23):
    { [5 bytes data]
    * SSLv2, Unknown (23):
    { [5 bytes data]
    * SSLv2, Unknown (23):
    { [5 bytes data]
    * Connection #0 to host www.freebsd.org left intact

---
**[bugs:#1481] Erroneous debug text when paired with OpenSSL 1.0.2**

**Status:** open
**Created:** Wed Feb 04, 2015 07:22 AM UTC by Jay Satiro
**Last Updated:** Wed Feb 04, 2015 07:22 AM UTC
**Owner:** nobody

I'm currently using curl commit cfc6d46 2014-02-04 with OpenSSL 1.0.2 x86 on Windows 7 x64 in configuration 'DLL Debug - DLL OpenSSL'. When I enable verbose output in the curl tool I get a lot of '* SSLv2, Unknown (2x)' during the handshake and once or twice after. For example:

    curl -v https://ssllabs.com

    * SSLv2, Unknown (22):
    * TLSv1.2, TLS handshake, Server hello (2):
    * SSLv2, Unknown (22):
    * TLSv1.2, TLS handshake, CERT (11):
    * SSLv2, Unknown (22):
    * TLSv1.2, TLS handshake, Server key exchange (12):
    * SSLv2, Unknown (22):
    * TLSv1.2, TLS handshake, Server finished (14):
    * SSLv2, Unknown (22):
    * TLSv1.2, TLS handshake, Client key exchange (16):
    * SSLv2, Unknown (20):
    * TLSv1.2, TLS change cipher, Client hello (1):
    * SSLv2, Unknown (22):
    * TLSv1.2, TLS handshake, Finished (20):
    * SSLv2, Unknown (20):
    * TLSv1.2, TLS change cipher, Client hello (1):
    * SSLv2, Unknown (22):
    * TLSv1.2, TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256

Same but using OpenSSL 1.0.1j:

    * TLSv1.2, TLS handshake, Server hello (2):
    * TLSv1.2, TLS handshake, CERT (11):
    * TLSv1.2, TLS handshake, Server key exchange (12):
    * TLSv1.2, TLS handshake, Server finished (14):
    * TLSv1.2, TLS handshake, Client key exchange (16):
    * TLSv1.2, TLS change cipher, Client hello (1):
    * TLSv1.2, TLS handshake, Finished (20):
    * TLSv1.2, TLS change cipher, Client hello (1):
    * TLSv1.2, TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256

I looked in openssl.c at ssl_tls_trace which makes the output and is a callback function passed to OpenSSL's SSL_CTX_callback_ctrl, but there's nothing on that:

https://www.openssl.org/docs/ssl/SSL_callback_ctrl.html

Received on 2015-04-05
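
An added example, not part of the mails above or of curl's code: a small triage of `curl -v` output that counts the `Unknown (N)` lines and reports whether SSLv2 was actually negotiated. It assumes those lines are TLS record headers mislabelled by the trace, which their 5-byte sizes and the values 20, 22 and 23 (TLS record content types) suggest; the function names are hypothetical.

```python
import re
from collections import Counter

# TLS record-layer content types (RFC 5246, section 6.2.1).
RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                22: "handshake", 23: "application_data"}
TRACE = re.compile(r"^\s*\* (SSLv\d|TLSv[\d.]+), (.+) \((\d+)\):\s*$")
NEGOTIATED = re.compile(r"^\s*\* SSL connection using (\S+) / (\S+)")

# Lines excerpted from the OpenSSL 1.0.2 traces in the report above.
SAMPLE = """\
* SSLv2, Unknown (22):
* TLSv1.2, TLS handshake, Server hello (2):
* SSLv2, Unknown (20):
* TLSv1.2, TLS change cipher, Client hello (1):
* SSLv2, Unknown (22):
* TLSv1.2, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* SSLv2, Unknown (23):
"""

def triage(log):
    """Separate record-header noise from decoded handshake trace lines."""
    noise, messages, suspect, negotiated = Counter(), [], [], None
    for line in log.splitlines():
        m = NEGOTIATED.match(line)
        if m:
            negotiated = m.groups()
            continue
        m = TRACE.match(line)
        if not m:
            continue
        version, desc, code = m.group(1), m.group(2), int(m.group(3))
        # Assumption: "Unknown (N)" with N a record type is a record header.
        if desc.endswith("Unknown") and code in RECORD_TYPES:
            noise[RECORD_TYPES[code]] += 1
        elif version == "SSLv2":
            suspect.append(line.strip())  # SSLv2 label on a decoded message
        else:
            messages.append((version, desc, code))
    return {"negotiated": negotiated, "noise": dict(noise),
            "messages": messages, "suspect_sslv2": suspect}

def sslv2_in_use(result):
    """True only if the negotiated protocol or a decoded message is SSLv2."""
    proto = result["negotiated"][0] if result["negotiated"] else None
    return proto == "SSLv2" or bool(result["suspect_sslv2"])

if __name__ == "__main__":
    print(sslv2_in_use(triage(SAMPLE)))
```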
