Hi,

Communication from client to server using a libcurl handle (easy interface) is failing if the server is rebooted.

The program (code pasted below) creates a curl handle and initializes options (URL, certificates, timeouts, request, etc.). After that, in an infinite loop, it sends a request to the server every 2 seconds using the curl handle. Observations are as below:

1. After the program has started, client to server communication is established properly and messages are exchanged without any error.
2. Later I powered off the server machine. When the server is powered off, curl_easy_perform failed with error code=28, "Timeout was reached (connect() timed out!)".
3. Then I powered on the machine. While the machine was booting, I observed curl_easy_perform failure with error code=7, "Couldn't connect to server(couldn't connect to host)".
4. Once the curl handle was able to connect to the server port, I observed an ssl_read error, curl error code=56, "Failure when receiving data from the peer (SSL read: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate, errno 0)".
5. From then onwards curl_easy_perform fails with error code=58, "Problem with the local SSL certificate (unable to use client certificate (no key found or wrong pass phrase?))" and never recovers after that.
6. If I stop the program and restart it, the connection is established successfully. There is no change in certificates.

I am not able to find why curl_easy_perform fails with the ssl_read error and why from then onwards it reports error code=58 (unable to use client certificate). Since communication works with the same certificates initially and also after restarting the process, I think there is no issue with the certificates. I tried openssl commands to verify the certificates are correct.
Linux# openssl x509 -noout -modulus -in /opt/certstore/VcCombined.pem | openssl md5
fe18e9f364d18eba9f39690563aca836
Linux# openssl rsa -noout -modulus -in /opt/certstore/default.key | openssl md5
fe18e9f364d18eba9f39690563aca836
Linux# openssl verify -CAfile /opt/certstore/sslca/CACertificate.pem /opt/certstore/VcCombined.pem
/opt/certstore/VcCombined.pem: OK

I am not sure how to debug this issue further, or whether it's an issue with openssl, curl or my program.

-Kowsik

*Client side:*

curl --version
curl 7.25.0 (i686-pc-linux-gnu) libcurl/7.25.0 OpenSSL/0.9.8f zlib/1.2.1.2 libidn/0.5.6
Protocols: dict file gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz

*Server side:*

curl --version
curl 7.25.0 (i686-pc-linux-gnu) libcurl/7.25.0 OpenSSL/1.0.0e zlib/1.2.1.2 libidn/0.5.6
Protocols: dict file gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz

*Program:*

#include <cerrno>
#include <cstdio>
#include <cstring>
#include <string>
#include <unistd.h>
#include <curl/curl.h>

using namespace std;

static std::string buffer;

/* libcurl write callback: append the response body to the std::string */
static size_t writer(char *data, size_t size, size_t nmemb, std::string *buffer)
{
    size_t result = 0;
    if (buffer != NULL) {
        buffer->append(data, size * nmemb);
        result = size * nmemb;
    }
    return result;
}

int main(void)
{
    CURL *curl;
    CURLcode res;
    char request[4096];
    char curl_errbuf[CURL_ERROR_SIZE];
    size_t bytes_read = 0;

    FILE *lFile = fopen("/tmp/getguid.xml", "r");
    if (lFile == NULL) {
        printf("fopen Error: %s\n", strerror(errno));
        return 1;
    }
    memset(request, 0, sizeof(request));
    /* read at most sizeof(request) - 1 bytes so the buffer stays NUL-terminated */
    bytes_read = fread(request, 1, sizeof(request) - 1, lFile);
    fclose(lFile);

    curl = curl_easy_init();
    if (curl == NULL) {
        printf("curl_easy_init failed\n");
        return 1;
    }

    struct curl_slist *lcurlHeaders = NULL;
    lcurlHeaders = curl_slist_append(lcurlHeaders, "Content-Type: text/xml");
    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, lcurlHeaders);
    curl_easy_setopt(curl, CURLOPT_URL, "https://10.65.124.221:443/xmlInternal/service-reg/forward");
    curl_easy_setopt(curl, CURLOPT_TIMEOUT, 10L);
    const char *lUCSInterfaceName = "eth0";
    curl_easy_setopt(curl, CURLOPT_INTERFACE, lUCSInterfaceName);

    /* client certificate, private key and CA bundle */
    curl_easy_setopt(curl, CURLOPT_SSLCERT, "/opt/certstore/VcCombined.pem");
    curl_easy_setopt(curl, CURLOPT_SSLKEY, "/opt/certstore/default.key");
    curl_easy_setopt(curl, CURLOPT_CAINFO, "/opt/certstore/sslca/CACertificate.pem");
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
    /* kept as posted; 2L is the value that makes libcurl match the
       certificate name against the host */
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1L);
    curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L);

    curl_easy_setopt(curl, CURLOPT_POST, 1L);
    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, (char *)request);
    curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)bytes_read);
    curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, curl_errbuf);
    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writer);
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &buffer);

    /* send the same request every 2 seconds on the same easy handle */
    while (1) {
        memset(curl_errbuf, 0, CURL_ERROR_SIZE);
        res = curl_easy_perform(curl);
        if (CURLE_OK != res)
            printf("curl_easy_perform Error: %s (%s)\n", curl_easy_strerror(res), curl_errbuf);
        else
            printf("curl_easy_perform succes\n");
        sleep(2);
    }

    /* not reached while the loop above runs forever */
    curl_slist_free_all(lcurlHeaders);
    curl_easy_cleanup(curl);
    return 0;
}
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
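
An added example, not part of the original post or of libcurl: a small policy for a request loop like the one above that keeps retrying on connect failures (7, 28), recreates the easy handle after repeated TLS-layer failures (56, 58), and stops with an alert when fresh handles keep failing, so a real certificate problem is not retried forever. That recreating the handle in-process recovers the way the process restart in the post did is an assumption; RecoveryPolicy, replay, observed_sequence and the thresholds are hypothetical names and values.

```cpp
#include <cstdio>
#include <vector>

// libcurl result codes seen in the post (numeric values as reported there).
enum { OK = 0, COULDNT_CONNECT = 7, OPERATION_TIMEDOUT = 28,
       RECV_ERROR = 56, SSL_CERTPROBLEM = 58 };
enum Action { KEEP_HANDLE, REBUILD_HANDLE, GIVE_UP };

// Hypothetical policy consulted after every curl_easy_perform() result.
struct RecoveryPolicy {
    int tls_threshold, max_rebuilds, tls_failures, rebuilds;
    RecoveryPolicy(int t, int m)
        : tls_threshold(t), max_rebuilds(m), tls_failures(0), rebuilds(0) {}
    Action next(int code) {
        if (code == OK) { tls_failures = rebuilds = 0; return KEEP_HANDLE; }
        // 7 and 28: server down or booting; the handle itself is not suspect.
        if (code != RECV_ERROR && code != SSL_CERTPROBLEM) return KEEP_HANDLE;
        // 56 carried a TLS alert in the post, so it is counted together with 58.
        if (++tls_failures < tls_threshold) return KEEP_HANDLE;
        tls_failures = 0;
        // Fresh handles failing too points at the credentials themselves:
        // stop and alert; do not loop forever or relax verification.
        if (rebuilds >= max_rebuilds) return GIVE_UP;
        ++rebuilds;
        // Caller: curl_easy_cleanup(), curl_easy_init(), set all options again.
        return REBUILD_HANDLE;
    }
};

// Feed a sequence of result codes through the policy; stops at GIVE_UP.
std::vector<Action> replay(const std::vector<int>& codes, RecoveryPolicy p) {
    std::vector<Action> out;
    for (int c : codes) { out.push_back(p.next(c)); if (out.back() == GIVE_UP) break; }
    return out;
}

// Constructed sample following the order of errors described in the post.
std::vector<int> observed_sequence() {
    return {0, 0, 28, 28, 7, 56, 58, 58, 58, 58, 58};
}

int main() {
    static const char *names[] = {"keep", "rebuild", "give up"};
    std::vector<int> codes = observed_sequence();
    std::vector<Action> acts = replay(codes, RecoveryPolicy(2, 2));
    for (size_t i = 0; i < acts.size(); ++i)
        std::printf("code %2d -> %s\n", codes[i], names[acts[i]]);
}
```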