Anonymous | Login | 2024-04-20 12:10 CEST |
Main | My View | View Issues |
Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
0005098 | [curl] regular use | major | always | 2013-08-02 21:39 | 2013-12-14 17:38 | ||
Reporter | soladmin | View Status | public | ||||
Assigned To | dam | ||||||
Priority | normal | Resolution | fixed | ||||
Status | closed | ||||||
Summary | 0005098: curl fails to connect to any site over SSL | ||||||
Description |
Solaris 10 using opencsw's kiel repository. Curl always fails when connecting to any system using SSL. # curl -v https://google.com/ [^] * About to connect() to google.com port 443 (#0) * Trying 173.194.46.32... * connected * Connected to google.com (173.194.46.32) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /opt/csw/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS alert, Server hello (2): * error:800960A0:lib(128):PK11_DIGEST_COPY:C_GetOperationState failed * Closing connection #0 curl: (35) error:800960A0:lib(128):PK11_DIGEST_COPY:C_GetOperationState failed |
||||||
Additional Information |
package installed catalog CSWcacertificates 20120511,REV=2012.05.11 SAME CSWcas-migrateconf 1.47,REV=2012.02.14 SAME CSWcas-preserveconf 1.49,REV=2013.03.13 SAME CSWcommon 1.5,REV=2010.12.11 SAME CSWcurl 7.28.1,REV=2013.05.12 SAME CSWggettext-data 0.18.1.1,p,REV=2011.03.15 SAME CSWiconv 1.14,REV=2011.08.08 SAME CSWisaexec 0.2,REV=2009.03.26 SAME CSWlibcharset1 1.14,REV=2011.08.07 SAME CSWlibcurl4 7.28.1,REV=2013.05.12 SAME CSWlibiconv2 1.14,REV=2011.08.07 SAME CSWlibidn11 1.26,REV=2013.01.01 SAME CSWlibintl8 0.18.1.1,p,REV=2011.03.15 SAME CSWlibssl1-0-0 1.0.1e,REV=2013.03.30 SAME CSWlibz1 1.2.7,REV=2012.06.14 SAME CSWpkgutil 2.6.5,REV=2012.08.15 SAME CSWtop 3.8beta1,REV=2011.11.23 SAME |
||||||
Tags | No tags attached. | ||||||
Attached Files | |||||||
|
Notes | |
(0010511) dam (administrator) 2013-08-05 11:01 |
I just verified with unstable and it also fails to connect: dam@login [login]:/home/dam > curl -v https://google.com [^] * About to connect() to google.com port 443 (#0) * Trying 74.125.136.138... * connected * Connected to google.com (74.125.136.138) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /opt/csw/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * Unknown SSL protocol error in connection to google.com:443 * Closing connection #0 curl: (35) Unknown SSL protocol error in connection to google.com:443 zsh: 13637 exit 35 curl -v https://google.com [^] However, there are also other issues reported against OpenSSL 1.0 bindings, so these may be related. |
(0010514) dam (administrator) 2013-08-05 21:19 |
I just talked to Yann who maintains our OpenSSL package and it turns out the issue is indeed related to OpenSSL and it only seems to occur on Sparc. |
(0010515) dam (administrator) 2013-08-05 21:33 |
Until the issue is resolved you can add --sslv3 as a workaround |
(0010516) yann (developer) 2013-08-07 20:56 |
I tracked the origin of the problem in the patch applied to enable the pkcs11 engine. I don't know exactly why it causes some failures and it will takes some time to find out, so I will release shortly a new version of the openssl package with pkcs11 engine disabled under sparc. I'll keep you updated. Yann |
(0010517) yann (developer) 2013-08-07 23:45 |
Could you try the following packages in my experimental repository and tell me if it works ? http://buildfarm.opencsw.org/opencsw/experimental/yann/sparc/5.10/libssl1_0_0-1.0.1e,REV=2013.08.07-SunOS5.10-sparc-CSW.pkg.gz [^] http://buildfarm.opencsw.org/opencsw/experimental/yann/sparc/5.10/libssl_dev-1.0.1e,REV=2013.08.07-SunOS5.10-sparc-CSW.pkg.gz [^] http://buildfarm.opencsw.org/opencsw/experimental/yann/sparc/5.10/openssl_utils-1.0.1e,REV=2013.08.07-SunOS5.10-sparc-CSW.pkg.gz [^] |
(0010518) soladmin (reporter) 2013-08-07 23:55 |
I installed the new patches you list, and they fix the problem I was encountering. Thanks for working on this! |
Copyright © 2000 - 2008 Mantis Group |