Discussion:
SSL read error: 5 - What could be the reason?
Naren D
2003-01-10 02:39:27 UTC
I am using curl 7.9.8 and OpenSSL 9.6d on AIX5.1. I am trying to POST some data to a secure server. The program fails with the following error:

SSL read error: 5

Here is the chunk of code POSTing the data:

/* set the content headers */
struct curl_slist *headers=NULL;
headers = curl_slist_append(headers, "Content-Type: text/xml");

/* specify URL to post to */
curl_easy_setopt(curl_handle, CURLOPT_URL, inetaddress.data());

/* Now specify we want to POST data */
curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, message.data());
curl_easy_setopt(curl_handle, CURLOPT_HTTPHEADER, headers);

/* Set the expected POST size */
curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE, (long)strlen(message.data()));

/* Set the buffer to receive error messages */
curl_easy_setopt(curl_handle, CURLOPT_ERRORBUFFER, errbuf);

/* send all response data to this function */
curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, WriteMemoryCallback);

/* we pass our 'chunk' struct to the callback function */
curl_easy_setopt(curl_handle, CURLOPT_FILE, (void *)&chunk);

/* get it! */
res = curl_easy_perform(curl_handle);

if( res != CURLE_OK )
{
    cout<<"SSL Post ERROR: - "<<errbuf<<endl;
}
else
{
    //Successful curl execution, copy the response and clean up
    RWCString response((char *)chunk.memory, chunk.size);
    resp = response;
}

TIA
Naren.


Daniel Stenberg
2003-01-10 09:12:07 UTC
Post by Naren D
I am using curl 7.9.8 and OpenSSL 9.6d on AIX5.1. I am trying to POST some
SSL read error: 5
That is the OpenSSL error called SSL_ERROR_SYSCALL.

It would probably help if you added 'errno' to that error message to see what
kind of error the syscall might've set on return.

[good-looking libcurl-using code cut out]
--
Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.


Naren D
2003-01-10 19:59:23 UTC
Here are the details:

ERROR: - SSL read error: 5
The error generated was 73
It means: Connection reset by peer
Error retrieving response

Sometimes I get "Empty Reply from server" error.

Thanks,
Naren.
Daniel Stenberg
2003-01-13 06:50:05 UTC
Post by Naren D
ERROR: - SSL read error: 5
The error generated was 73
It means: Connection reset by peer
Error retrieving response
Right, so it means that the connection was broken and thus, this error is
perfectly reasonable.
Post by Naren D
Sometimes I get "Empty Reply from server" error.
That too points to a problem with the site, or possibly with an old libcurl
bug that causes it to sometimes say that wrongly. (We did fix numerous bugs
since 7.9.8.)
--
Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.


Naren D
2003-01-14 15:41:40 UTC
Let's just say SSL support is not complete with Curl. I wrote a perl script to do the same and it always works. I am posting a message to a secure server and getting the response.

I glanced through the source code and I found that there was no support for servers that initiate authentication for sending response. Here is the quote from OpenSSL site (from the FAQ, item - 19):

"A pitfall to avoid: Don't assume that SSL_read() will just read from the underlying transport or that SSL_write() will just write to it -- it is also possible that SSL_write() cannot do any useful work until there is data to read, or that SSL_read() cannot do anything until it is possible to send data. One reason for this is that the peer may request a new TLS/SSL handshake at any time during the protocol, requiring a bi-directional message exchange; both SSL_read() and SSL_write() will try to continue any pending handshake."

I guess the server I am trying to post the message to, is an exception they are referring to. My posted message reaches the server but I don't get the response.

I didn't find the call "SSL_set_accept_state()" in the Curl source code. So Curl doesn't seem to understand the request for a new TLS/SSL handshake before the secure server sends the response. Curl uses the same handle for both SSL read and SSL write calls.

Whereas Perl uses the same OpenSSL but their modules are coded to handle this situation. So I gave up on Curl and embedded perl interpreter in my C++ code.

Naren.



Daniel Stenberg
2003-01-14 16:32:16 UTC
Post by Naren D
Let's just say SSL support is not complete with Curl.
I've never assumed otherwise.
Post by Naren D
I glanced through the source code and I found that there was no support for
servers that initiate authentication for sending response.
Sorry, what exactly does this mean and what kind of change are you
suggesting?
Post by Naren D
"A pitfall to avoid: Don't assume that SSL_read() will just read from the
underlying transport or that SSL_write() will just write to it -- it is
also possible that SSL_write() cannot do any useful work until there is
data to read, or that SSL_read() cannot do anything until it is possible to
send data. One reason for this is that the peer may request a new TLS/SSL
handshake at any time during the protocol, requiring a bi-directional
message exchange; both SSL_read() and SSL_write() will try to continue any
pending handshake."
And you're saying that this applies to how curl works?
Post by Naren D
I guess the server I am trying to post the message to, is an exception they
are referring to. My posted message reaches the server but I don't get the
response.
And why is this?
Post by Naren D
I didn't find the call "SSL_set_accept_state()" in the Curl source code.
"SSL_set_accept_state() sets ssl to work in server mode."

Right, I can't see how we need "server mode". Care to explain?
Post by Naren D
So Curl doesn't seem to understand the request for a new TLS/SSL handshake
before the secure server sends the response. Curl uses the same handle for
both SSL read and SSL write calls.
And why is that bad?
Post by Naren D
Whereas Perl uses the same OpenSSL but their modules are coded to handle
this situation. So I gave up on Curl and embedded perl interpreter in my
C++ code.
... and? This is an open source project. It gets no better than we make it.
Sure, ducking from the problems is one way but it sure doesn't improve curl.

I'm listening to suggestions.
--
Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
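
Added example, not part of the thread and not libcurl or OpenSSL code: a read loop that applies the two points raised above, reporting errno alongside SSL_ERROR_SYSCALL (Daniel Stenberg's first reply) and retrying when a read reports WANT_READ or WANT_WRITE (the OpenSSL FAQ passage quoted by Naren D). The names tls_io, tls_read, mock_read and mock_wait are hypothetical; in real code do_read would wrap SSL_read() and SSL_get_error(), and wait_fd would wrap select().

```c
/* Added example, not libcurl/OpenSSL source. SSL_ERR_* mirror SSL_ERROR_* in ssl.h;
   tls_io is hypothetical: do_read = SSL_read() + SSL_get_error(), wait_fd = select(). */
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum { SSL_ERR_NONE = 0, SSL_ERR_WANT_READ = 2, SSL_ERR_WANT_WRITE = 3,
       SSL_ERR_SYSCALL = 5, SSL_ERR_ZERO_RETURN = 6 };

struct tls_io {
    int (*do_read)(struct tls_io *io, char *buf, int len, int *ssl_err);
    int (*wait_fd)(struct tls_io *io, int for_write);   /* 0 = socket ready */
    const int *script; int pos, write_waits, sys_errno; /* mock state only */
};

/* Returns bytes read, 0 on clean TLS shutdown, -1 with a diagnostic in msg. */
int tls_read(struct tls_io *io, char *buf, int len, char *msg, size_t n)
{
    for (;;) {
        int err, ret, saved;
        errno = 0;                    /* never report a stale errno */
        ret = io->do_read(io, buf, len, &err);
        saved = errno;                /* capture before any other call */
        if (err == SSL_ERR_NONE) return ret;
        if (err == SSL_ERR_ZERO_RETURN) return 0;
        if ((err == SSL_ERR_WANT_READ || err == SSL_ERR_WANT_WRITE) &&
            io->wait_fd(io, err == SSL_ERR_WANT_WRITE) == 0)
            continue;   /* e.g. WANT_WRITE: handshake data goes out, then re-read */
        if (err == SSL_ERR_SYSCALL && saved != 0)
            snprintf(msg, n, "SSL read error: 5 (errno %d: %s)", saved, strerror(saved));
        else if (err == SSL_ERR_SYSCALL)
            snprintf(msg, n, "SSL read error: 5 (EOF without close_notify)");
        else
            snprintf(msg, n, "SSL read error: %d", err);
        return -1;
    }
}

/* Constructed mock peer: replays io->script, one SSL error code per read. */
int mock_read(struct tls_io *io, char *buf, int len, int *ssl_err)
{
    *ssl_err = io->script[io->pos++];
    if (*ssl_err == SSL_ERR_SYSCALL) errno = io->sys_errno;
    return *ssl_err == SSL_ERR_NONE ? snprintf(buf, (size_t)len, "OK") : -1;
}
int mock_wait(struct tls_io *io, int for_write)
{
    io->write_waits += for_write;
    return 0;
}
```

With the script { WANT_WRITE, WANT_READ, NONE } the loop waits once for writability before the read succeeds; with { WANT_READ, SYSCALL } and errno set to ECONNRESET the message carries the "Connection reset by peer" detail from the thread.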

