Comments (10)
We need more details. This is not happening for me:
This works fine: curl -1 https://curl.se
curl 8.8.0-DEV (x86_64-pc-linux-gnu) libcurl/8.7.1 OpenSSL/3.2.2 zlib/1.3 brotli/1.1.0 zstd/1.5.5 libidn2/2.3.7 libpsl/0.21.2 libssh2/1.11.0 nghttp2/1.61.0 librtmp/2.3 OpenLDAP/2.5.16
and
curl 8.7.1 (x86_64-pc-linux-gnu) libcurl/8.7.1 OpenSSL/3.2.2 zlib/1.3 brotli/1.1.0 zstd/1.5.5 libidn2/2.3.7 libpsl/0.21.2 libssh2/1.11.0 nghttp2/1.61.0 librtmp/2.3 OpenLDAP/2.5.16
from curl.
mm ok i used a small python web server based on baseHttpHandler,
here is code: (please adapt it as you want, gender file can be anything)
(i used ssl 3.3.1 & 3.2.0)
#!/usr/bin/python3
import http.server
import socketserver
import socket
import ssl
PORT = 8000
GENDER_FILE = 'tts_gender.json'
KEY = "df7a0aa5884e46a89b435e91ffe3c018"
SSL_CERT = 'tts_server.crt'
SSL_KEY = 'tts_server.key'
class MsnSynthesizerHandler(http.server.BaseHTTPRequestHandler):
def __init__(self, request, client_address, server):
super().__init__(request, client_address, server)
def do_GET(self):
assert self.headers.get("ocp-apim-subscription-key") == KEY, "missing or wrong sub key"
print("path=%s", self.path)
assert self.path == "/cognitiveservices/voices/list" , "missing or wrong sub key"
self.send_response(200)
self.send_header('Content-type', 'application/json')
self.end_headers()
with open(GENDER_FILE, "rb") as f:
self.wfile.write(f.read())
Handler = MsnSynthesizerHandler
with socketserver.TCPServer(("", PORT), Handler) as httpd:
httpd.socket = ssl.wrap_socket(httpd.socket, keyfile=SSL_KEY, certfile=SSL_CERT, server_side=True)
print("serving at port", PORT)
httpd.serve_forever()
The tls is handshaked properly and 200 ok sent back, this seems to be just a close con detection,
Note that we build our staic openssl libs, default option mostly,
from curl.
when linking (static) curl app with libcurl & openssl >= 3.2.0 , a simple https 1.0 (or 1.1 with Header connection : close trigger an curl: (56) OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 0 when remote close the connection.
there needs to be a known termination point (like content length, close notify etc) otherwise curl will keep reading. try self.close_notify()
from curl.
@SpitchAG if you get a problem with your custom server only and not with any public sites, I think we can suspect that maybe the issue is in your server...
from curl.
We want to be sure we are not going to have regression issues here,
Do we know why there is a need to have a known termination point using openssl 3.2.x but not using openssl 3.1.x ? (using same curl base code)
i see that when using openssl 3.1, curl is able to deduce :
- no chunk, no close, no size. Assume close to signal end
- Closing connection
WiIth 3.2, (same curl code), this log is replaced by:
- OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 0
- Closing connection
So there is a behavior change caused by openssl upgrade.
from curl.
OpenSSL changed its defaults in handling "unexpected" EOF, see php/php-src#8369 and openssl/openssl#11378, among others.
from curl.
But those threads are pretty old, prior to 3.1., or were they fixed after 3,1 ?
from curl.
AFAIK, the behaviour was changed in OpenSSL 3.2. The thing that seems to be missing in your sample code is the TLS shutdown at the end of the connection. Without a shutdown message from the server, the OpenSSL in curl reports an error when it sees the socket closed.
Since your code does not seem to send a Content-Length
header, curl needs to read until the close of the connection. The TLS shutdown is then necessary for a clean end of the download or it becomes indistinguishable from an abort (e.g. the server just crashing in the middle) and the download being incomplete.
from curl.
Nice, ok yes it seems that this is the ssl change indeed,
so issue can be closed, good job,
from curl.
I can replicate this on openssl 3.3.0 and curl 8.6.0 too.
from curl.
Related Issues (20)
- content length not available in header function, again HOT 4
- aws-sigv4 does not work with URLs containing "=" and other special characters HOT 3
- curl_multi_socket_action crashes occasionally HOT 4
- Download progress callback can be significantly delayed HOT 2
- Document that CURLOPT_SSL_VERIFYHOST applies to SSH HOT 1
- 8.8.0: Test 1553 (IMAP cleanup before a connection was created) appears flaky on some Gentoo systems HOT 9
- configure : Failed to find size of size_t HOT 8
- Regression: In 8.8.0, HTTP3 with QuicTLS errors out with "QUIC needs at least TLS version 1.3" with CURLOPT_SSLVERSION set as documented
- manpage paragraph incorrect indentation HOT 4
- Calling `curl_global_init` after `curl_global_cleanup` failed HOT 2
- IPV6 curl sftp known_host key validation failure HOT 6
- ECH: SIGSEGV when use HTTP/3 HOT 21
- CURL 7.20.0 Form Data: When using curl_formadd to create a multipart request, the boundary delimiter is missing in the generated data. HOT 1
- Android has a broken CLOCK_MONOTONIC_RAW HOT 9
- WebSocket Failure Doesnt Clear socket. HOT 8
- No failure when the header file can't be written HOT 3
- Crash when using CURL_LOCK_DATA_CONNECT in Curl_conn_close at cfilters.c:165 HOT 3
- v8.8.0 - problem with `--write-out`: error 43 - A libcurl function was given a bad argument HOT 14
- Wrong time units of TCP keepalive options on DragonFlyBSD 5.8+
- random OOM errors HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from curl.