Package: curl
Version: 7.83.1-1+b1
Severity: normal
Control: fixed -1 7.83.0-1

Dear Maintainer,

Patroni (Debian package "patroni") is a piece of cluster management 
software for PostgreSQL that provides an HTTPS endpoint for managing it.  
When connecting to a Patroni instance from curl 7.83.0-1 (a version 
using libssl1.1), everything works happily:

wraith:~# curl --fail --insecure https://infra-db.srv.uis.cam.ac.uk:8008/ -o /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   651    0   651    0     0  62928      0 --:--:-- --:--:-- --:--:-- 65100

However, when I upgrade to curl 7.83.1-1+b1, I get an error from the 
same request:

wraith:~# curl --fail --insecure https://infra-db.srv.uis.cam.ac.uk:8008/ -o /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   651    0   651    0     0  22106      0 --:--:-- --:--:-- --:--:-- 22448
curl: (56) OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0

I would expect the two versions to behave the same.

Patroni uses Python's "http.server" to implement its API endpoint, so it 
may be possible to construct a simple test-case out of that.  I haven't 
yet tried.

I'm not certain that this bug is in cURL rather than in OpenSSL, Python, 
or Patroni, but cURL is the part I'm interacting with so it seems like a 
good place to start.

Here are the versions of libcurl4's dependencies, since they might be 
relevant:

ii  libbrotli1:i386        1.0.9-2+b3
ii  libgssapi-krb5-2:i386  1.19.2-2+b2
ii  libidn2-0:i386         2.3.2-2
ii  libldap-2.5-0:i386     2.5.12+dfsg-2
ii  libnghttp2-14:i386     1.47.0-1+b1
ii  libpsl5:i386           0.21.0-1.2
ii  librtmp1:i386          2.4+20151223.gitfa8646d.1-2+b2
ii  libssh2-1:i386         1.10.0-3+b1
ii  libssl3:i386           3.0.3-7
ii  libzstd1:i386          1.5.2+dfsg-1

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 5.17.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages curl depends on:
ii  libc6     2.33-7
ii  libcurl4  7.83.1-1+b1
ii  zlib1g    1:1.2.11.dfsg-4

curl recommends no packages.

curl suggests no packages.

-- no debconf information
