Mantis - curl
Viewing Issue Advanced Details
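ID: 5095
Category: regular use
Severity: major
Reproducibility: always
Date Submitted: 2013-07-19 21:13
Last Update: 2013-12-14 17:37
Reporter: hudesd
Assigned To: dam
Priority: normal
Status: closed
Resolution: unable to reproduce
Projection: none
ETA: none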
0005095: curl: (35) error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext
Connecting to download from IBM mainframe via ftps gets the error
curl: (35) error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext

Using the old Solaris SFWcurl 7.19.5 with old libssl 0.9.7 works.
Using the Solaris 11 curl 7.21 with ssl 1.0.0 doesn't work either.

The command line for connection, with username and password elided:
/opt/csw/bin/curl --engine pkcs11 -R --trace-ascii /var/tmp/curl.log --disable-epsv --ssl-reqd -k -m 30 -l -G -u XXX:YYY ftp://nhpafts1:19003/FISAFMS/

Content of /var/tmp/curl.log:
== Info: set default crypto engine 'pkcs11'
== Info: About to connect() to nhpafts1 port 19003 (#0)
== Info: Trying 10.185.8.14...
== Info: connected
== Info: Connected to nhpafts1 (10.185.8.14) port 19003 (#0)
<= Recv header, 32 bytes (0x20)
0000: 220 Server ready for new user.
=> Send header, 10 bytes (0xa)
0000: AUTH SSL
<= Recv header, 38 bytes (0x26)
0000: 234 Security data exchange complete.
== Info: successfully set certificate verify locations:
== Info: CAfile: none
  CApath: /opt/csw/ssl/certs
== Info: SSLv3, TLS handshake, Client hello (1):
=> Send SSL data, 341 bytes (0x155)
0000: ...Q..Q...G..~....S..6..0..l...v....Q....0.,.(.$.....".!.....k.
0040: j.9.8.....2...*.&.......=.5...................../.+.'.#.........
0080: ....g.@.3.2.....E.D.1.-.).%.......<./...A.......................
00c0: ......................nhpafts1.fisa.nycnet...........4.2........
0100: .............................................". ................
0140: .....................
== Info: SSLv3, TLS handshake, Server hello (2):
<= Recv SSL data, 66 bytes (0x42)
0000: ...>..Q..._....>.8z.P.'o.q..!_.Y..Kb.'...cf...f)....6...5.......
0040: ..
== Info: SSLv3, TLS alert, Server hello (2):
=> Send SSL data, 2 bytes (0x2)
0000: .p
== Info: error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext
== Info: Closing connection #0

# ldd /opt/csw/bin/curl
        libcurl.so.4 => /opt/csw/lib/sparcv8/libcurl.so.4
        librt.so.1 => /lib/librt.so.1
        libz.so.1 => /opt/csw/lib/sparcv8plus+vis/libz.so.1
        libc.so.1 => /lib/libc.so.1
        libidn.so.11 => /opt/csw/lib/sparcv8/libidn.so.11
        libsocket.so.1 => /lib/libsocket.so.1
        libnsl.so.1 => /lib/libnsl.so.1
        libssl.so.1.0.0 => /opt/csw/lib/sparcv8plus+vis/libssl.so.1.0.0
        libcrypto.so.1.0.0 => /opt/csw/lib/sparcv8plus+vis/libcrypto.so.1.0.0
        libaio.so.1 => /lib/libaio.so.1
        libmd.so.1 => /lib/libmd.so.1
        libintl.so.8 => /opt/csw/lib/libintl.so.8
        libiconv.so.2 => /opt/csw/lib/libiconv.so.2
        libmp.so.2 => /lib/libmp.so.2
        libscf.so.1 => /lib/libscf.so.1
        libdoor.so.1 => /lib/libdoor.so.1
        libuutil.so.1 => /lib/libuutil.so.1
        libgen.so.1 => /lib/libgen.so.1
        libcurl-feature.so.4 => /opt/csw/lib/sparcv8/libcurl-feature.so.4
        libcares.so.2 => /opt/csw/lib/sparcv8/libcares.so.2
        libssh2.so.1 => /opt/csw/lib/sparcv8/libssh2.so.1
        liblber-2.4.so.2 => /opt/csw/lib/sparcv8/liblber-2.4.so.2
        libldap-2.4.so.2 => /opt/csw/lib/sparcv8/libldap-2.4.so.2
        librtmp.so.0 => /opt/csw/lib/sparcv8/librtmp.so.0
        libresolv.so.2 => /lib/libresolv.so.2
        libsasl2.so.2 => /opt/csw/lib/libsasl2.so.2
        libssl.so.1.0.0 => /opt/csw/lib/libssl.so.1.0.0
        libcrypto.so.1.0.0 => /opt/csw/lib/libcrypto.so.1.0.0
        libdl.so.1 => /lib/libdl.so.1
        libm.so.2 => /lib/libm.so.2
        /platform/SUNW,T5240/lib/libc_psr.so.1
        /platform/SUNW,T5240/lib/libmd_psr.so.1
Issue History
2013-07-19 21:13 hudesd New Issue
2013-07-23 13:56 dam Status new => assigned
2013-07-23 13:56 dam Assigned To => dam
2013-07-23 14:01 dam Note Added: 0010504
2013-07-23 14:01 dam Status assigned => feedback
2013-08-27 16:13 dam Note Added: 0010558
2013-12-14 17:37 dam Note Added: 0010669
2013-12-14 17:37 dam Status feedback => closed
2013-12-14 17:37 dam Resolution open => unable to reproduce

Notes
(0010504)
dam   
2013-07-23 14:01   
Hi Dana,

as the issue also occurs on the curl shipped with Solaris 11 this seems not to be an issue with the packaging, but with the curl upstream version and/or OpenSSL. I suggest you open a bug report upstream at http://curl.haxx.se/docs/bugs.html

There is also a similar bug reported against wget with the newer OpenSSL 1.0.0 (0005068), with a failing handshake which is, however, rooted in a problem on the other side.

Kind regards -- Dago
(0010558)
dam   
2013-08-27 16:13   
Which version of libssl are you running? Please try
  pkginfo -x CSWlibssl1-0-0
You are probably running a version prior to 1.0.1e,REV=2013.08.08 which had issues in the pkcs#11 acceleration on Sparc.
(0010669)
dam   
2013-12-14 17:37   
No feedback, closing.
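
The version check requested in note 0010558, as an added example that is not part of the original report or of OpenCSW's tooling: it reads `pkginfo -x` output and reports whether the installed CSWlibssl1-0-0 build predates 1.0.1e,REV=2013.08.08. The sample output, the assumed `pkginfo -x` layout (second line "(arch) version") and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: version check for the build named in note 0010558.
FIXED='1.0.1e,REV=2013.08.08'

# Constructed sample of `pkginfo -x` output (layout assumed: the second
# line carries "(arch) version"); not taken from the reporter's system.
SAMPLE_OLD='CSWlibssl1-0-0   libssl1_0_0 - OpenSSL runtime libraries
                 (sparc) 1.0.1c,REV=2012.05.14'

# Read `pkginfo -x` output on stdin and print the version field.
pkg_version() {
    awk '$1 ~ /^\(.+\)$/ { print $2; exit }'
}

# Exit 0 if version $1 sorts before version $2.
# Assumed format: N.N.N[letter],REV=YYYY.MM.DD
older_than() {
    awk -v a="$1" -v b="$2" '
    function key(v,   parts, p, n, i, num, sfx, rank, k) {
        split(v, parts, ",REV=")
        n = split(parts[1], p, ".")
        k = ""
        for (i = 1; i <= 4; i++) {
            num = (i <= n) ? p[i] : "0"
            sfx = num
            sub(/[^0-9].*$/, "", num)   # digits: "1e" -> "1"
            sub(/^[0-9]+/, "", sfx)     # letter: "1e" -> "e"
            rank = (sfx == "") ? 0 : index("abcdefghijklmnopqrstuvwxyz", substr(sfx, 1, 1))
            k = k sprintf("%04d%02d", num, rank)
        }
        gsub(/\./, "", parts[2])        # REV date -> YYYYMMDD
        return k sprintf("%08d", parts[2])
    }
    # Keys are fixed-width digit strings, so string order is version order.
    BEGIN { exit !((key(a) "") < (key(b) "")) }'
}

# Classify the build described by `pkginfo -x` output on stdin.
check_libssl() {
    ver=$(pkg_version)
    if [ -z "$ver" ]; then echo "unknown"
    elif older_than "$ver" "$FIXED"; then echo "prior-to-fix $ver"
    else echo "ok $ver"; fi
}

# On the affected host: pkginfo -x CSWlibssl1-0-0 | check_libssl
printf '%s\n' "$SAMPLE_OLD" | check_libssl
```

The comparison orders the letter suffix (1.0.1c before 1.0.1e) before the REV date, so a rebuild of the same upstream release with an earlier REV is also reported as prior to the fixed build.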