UPDATE: I have now used the exact same cgi that I use to post to the webservice, to post the exact same data to a perl script cgi on my server. The perl script simply dumps env, stdin and argv. It shows the data has been received unchanged, i.e. + characters are + characters.
So is there something subtle I am not aware off that would cause a change of data if sent to a webservice but no change if sent to a cgi? I think the answer should be no as the webservice is effectively a cgi itself. Peter Walker Senior Developer Ticketmaster UK 48 Leicester Square London WC2H 7LR T: +44 (0) 207 022 8547 F: +44 (0) 207 915 0411 M: +44 (0) 7855 441471 E: peter.wal...@ticketmaster.co.uk www.ticketmaster.co.uk www.ticketweb.co.uk DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this e-mail in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank You! -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Peter Walker Sent: 18 June 2009 13:15 To: openssl-users@openssl.org Subject: why is my post'd data is being changed? I have this really annoying problem, where the data I'm sending to a webservice via libcurl is being changed :{ The data in question is something like "ad76/fg8+/rt+g35s" and is being received by the webservice as "ad76/fg8 /rt g35s" notice the + characters are being converted to a space character. This is an extract of the code I am using ======================================================================== === CURLcode last_error = curl_global_init(needSSL ? CURL_GLOBAL_SSL : CURL_GLOBAL_NOTHING); curlHandle = curl_easy_init(); curl_easy_setopt(curlHandle, CURLOPT_URL, "https://some-address";); curl_easy_setopt(curlHandle, CURLOPT_HTTPPOST, 1); curl_easy_setopt(curlHandle, CURLOPT_VERBOSE, 1); std::string formdata = "service_check=asd/fg/+/hjg23+Qkl"; curl_easy_setopt(curlHandle, CURLOPT_POSTFIELDS, formdata.c_str()); curl_easy_setopt(curlHandle, CURLOPT_POSTFIELDSIZE, formdata.size()); curl_easy_setopt(curlHandle, CURLOPT_HEADERFUNCTION, writeHeader); curl_easy_setopt(curlHandle, CURLOPT_HEADERDATA, this); curl_easy_setopt(curlHandle, CURLOPT_WRITEFUNCTION, writeData); curl_easy_setopt(curlHandle, CURLOPT_WRITEDATA, this); int status = curl_easy_perform(curlHandle); ======================================================================== === It's not complete code but has all the ssl steps I am taking. Any other webservice request I make is fine because the data does not contain + characters. I have printed my data before passing it in to libcurl and have used CURLOPT_STDERR to see what is going on inside libcurl but whilst CURLOPT_STDERR shows me my data as I expect it, i.e. with + characters in it, I am not sure when CURLOPT_STDERR is actually used by libcurl so I don't know how useful the information in the log file is. What I mean is, does it show libcurl workings immediately after I pass the data in or does it show it immediately before it sends the data in to openssl? Obviously because I am using openssl to connect to a https:// webservice I cannot dump the network traffic to see what it is doing :O So my questions are 1) Why is my data being changed 2) At what point in the execution sequence does CURLOPT_STDERR write the data to the log file? Peter Walker Senior Developer Ticketmaster UK 48 Leicester Square London WC2H 7LR T: +44 (0) 207 022 8547 F: +44 (0) 207 915 0411 M: +44 (0) 7855 441471 E: peter.wal...@ticketmaster.co.uk www.ticketmaster.co.uk www.ticketweb.co.uk DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this e-mail in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank You! -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jelle de Jong Sent: 18 June 2009 09:06 To: openssl-users@openssl.org Subject: Re: SSL_accept error, but I don't know is wrong exactly Victor Duchovni wrote: > On Wed, Jun 17, 2009 at 02:51:10PM -0700, Kyle Hamilton wrote: > >> This isn't really an OpenSSL issue, and I'd suggest asking for help >> from people who are more familiar with postfix. However... > > That's what I told him on the Postfix-users list, but he chose > to come here anyway, despite my best efforts. > > http://archives.neohapsis.com/archives/postfix/2009-06/0560.html > >> The log says that none of the names matched: > > Irrelevant. This name matching is something else entirely (Postfix > mynetworks, and similar lookups). > >> I would view this as a postfix ACL configuration issue, since it's >> denying access from your IP. > > No. > >> (Also: TCP FIN means that the connection was closed by close(), not by >> killing the process such as what happens with a segfault or a rebooted >> system. This in turn means that the problem is in the software, not >> the network.) > > > The OP should return to the Postfix users list AFTER working with the > owner of the sending system to find out why they drop the connection > immediately after sending "STARTLS" and receiving a "220" from Postfix: > > > ... SMTP up to and including EHLO req/resp ... > TCP: sepaip2.webish.nl(34538) -> helmwijk.xs4all.nl(25) Seq 1570587417.(10) ACK 2723884545 PUSH > 0.0934 (0.0180) C>S > --------------------------------------------------------------- > STARTTLS > --------------------------------------------------------------- > > TCP: helmwijk.xs4all.nl(25) -> sepaip2.webish.nl(34538) Seq 2723884545.(30) ACK 1570587427 PUSH > 0.0935 (0.0001) S>C > --------------------------------------------------------------- > 220 2.0.0 Ready to start TLS > --------------------------------------------------------------- > > TCP: sepaip2.webish.nl(34538) -> helmwijk.xs4all.nl(25) Seq 1570587427.(0) ACK 2723884575 FIN > 1 0.1111 (0.0176) C>S TCP FIN > TCP: helmwijk.xs4all.nl(25) -> sepaip2.webish.nl(34538) Seq 2723884575.(0) ACK 1570587428 FIN > 1 0.1117 (0.0005) S>C TCP FIN > TCP: sepaip2.webish.nl(34538) -> helmwijk.xs4all.nl(25) Seq 1570587428.(0) ACK 2723884576 > > > The client drops the TCP connection without sending an SSL HELO, of any > kind and before receiving any other traffic from the server. This is a > client-side issue, with either the client software broken/misconfigured, > or an unhappy firewall in between. > > Because ZERO actual SSL protocol messages are exchanged, if there is an > SSL library problem it is entirely in the client session initialization > code. The OP is operating the server, and so has no questions, related > to the SSL-library or protocol, to ask here. > Thank you Victor and Kyle for your answers, sorry for being offtopic on the openssl list. I will try to move the discussion back to the posftix-user list, my apologies. I thought I should try asking here because I made SSL dumps and tested my network, I also waited a day to see if somebody responded to the postfix users list. See: http://archives.neohapsis.com/archives/postfix/2009-06/0579.html These two answers on the openssl list are one of the most helpful responses so far. I thank you for that. I just wanted to figure out what is going wrong. Who is the client is this case, the webish server contacts my server? Is there an issue with my postfix software or firewall? I will try again to see if teh webish people want to help by sending ssldumps and smtpd logs. Still wondering if the webish certificate could be causing the issues since there is not a singe line of information in there that could connect the certificate to there server its all localhost and other generic stuff. Best regards, Jelle ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
