TLS error handling broken #31

Open
kaso17 opened this issue Feb 1, 2017 · 1 comment

Comments

kaso17 commented Feb 1, 2017

Hello,

Currently it seems like TLS errors aren't handled in any way.
If I connect to a host with an invalid certificate, Perform() returns an OK error code, but the resulting document is empty.

CurlEasy.ErrorBuffer is also always empty.
It seems like it's never initialized and the set method looks like it's not correctly used.
https://curl.haxx.se/libcurl/c/CURLOPT_ERRORBUFFER.html

Elbandi commented Mar 8, 2017

Same error here. I tweaked the debug function a little, and here is the output:

Connected to www.coinexchange.io (5.254.66.11) port 443 (#0)
ALPN, offering http/1.1
Cipher selection: ALL
successfully set certificate verify locations:
  CAfile: curl-ca-bundle.crt
  CApath: none
SslDataOut: 5 bytes data
TLSv1.2 (OUT), TLS handshake, Client hello (1):
SslDataOut: 512 bytes data
SslDataIn: 5 bytes data
TLSv1.2 (IN), TLS handshake, Server hello (2):
SslDataIn: 104 bytes data
SslDataIn: 5 bytes data
TLSv1.2 (IN), TLS handshake, Certificate (11):
SslDataIn: 4330 bytes data
SslDataIn: 5 bytes data
TLSv1.2 (IN), TLS handshake, Server key exchange (12):
SslDataIn: 333 bytes data
SslDataIn: 5 bytes data
TLSv1.2 (IN), TLS handshake, Server finished (14):
SslDataIn: 4 bytes data
SslDataOut: 5 bytes data
TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
SslDataOut: 70 bytes data
SslDataOut: 5 bytes data
TLSv1.2 (OUT), TLS change cipher, Client hello (1):
SslDataOut: 1 bytes data
SslDataOut: 5 bytes data
TLSv1.2 (OUT), TLS handshake, Finished (20):
SslDataOut: 16 bytes data
SslDataIn: 5 bytes data
SslDataIn: 5 bytes data
TLSv1.2 (IN), TLS handshake, Finished (20):
SslDataIn: 16 bytes data
SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
ALPN, server accepted to use http/1.1
Server certificate:
 subject: OU=Domain Control Validated; OU=PositiveSSL; CN=coinexchange.io
 start date: Mar  3 00:00:00 2017 GMT
 expire date: Mar  5 23:59:59 2019 GMT
 subjectAltName: host "www.coinexchange.io" matched cert's "www.coinexchange.io"
 issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
 SSL certificate verify ok.
SslDataOut: 5 bytes data
HeaderOut: 75 bytes data
SslDataIn: 5 bytes data
TLSv1.2 (IN), TLS alert, Client hello (1):
SslDataIn: 2 bytes data
Curl_http_done: called premature == 0
Empty reply from server
Connection #0 to host www.coinexchange.io left intact

This is the output for the same site from the git mingw console:

* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [109 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4330 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*        subject: OU=Domain Control Validated; OU=PositiveSSL; CN=coinexchange.io
*        start date: Mar  3 00:00:00 2017 GMT
*        expire date: Mar  5 23:59:59 2019 GMT
*        subjectAltName: www.coinexchange.io matched
*        issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
*        SSL certificate verify ok.
} [5 bytes data]
> GET /api/v1/getmarkets HTTP/1.1
> Host: www.coinexchange.io
> User-Agent: curl/7.46.0
> Accept: */*
>
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: PipeGuard
< Date: Wed, 08 Mar 2017 13:11:55 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Vary: Accept-Encoding
< Cache-Control: no-cache
< Pragma: public
< Cache-Control: public, must-revalidate, proxy-revalidate
<
{ [16103 bytes data]
100 50483    0 50483    0     0  95250      0 --:--:-- --:--:-- --:--:--  102k
* Connection #0 to host www.coinexchange.io left intact
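
The difference between the two traces above, expressed as a check that a caller or test harness could run on debug output so that a TLS alert followed by no response is never reported as a successful empty document. This is an added example, not code from the project or from either commenter; the trace excerpts are constructed (shortened) from the ones in this thread, and `analyze_trace`, the verdict strings and the `HeaderIn:` label are assumptions.

```python
import re

# Constructed excerpts of the two traces in this thread (shortened).
FAILING_TRACE = """\
SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
 SSL certificate verify ok.
HeaderOut: 75 bytes data
TLSv1.2 (IN), TLS alert, Client hello (1):
Empty reply from server
"""
WORKING_TRACE = """\
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
*        SSL certificate verify ok.
> GET /api/v1/getmarkets HTTP/1.1
< HTTP/1.1 200 OK
{ [16103 bytes data]
"""
FACTS = ("handshake_done", "cert_verified", "request_sent",
         "response_seen", "alert_after_handshake", "empty_reply")

def analyze_trace(text):
    """Return (verdict, facts) for a curl debug trace in either format."""
    f = dict.fromkeys(FACTS, False)
    for raw in text.splitlines():
        line = re.sub(r"^\*\s*", "", raw).strip()  # drop the CLI's "* " prefix
        if line.startswith("SSL connection using"):
            f["handshake_done"] = True
        elif line.startswith("SSL certificate verify ok"):
            f["cert_verified"] = True
        elif line.startswith(("> ", "HeaderOut:")):
            f["request_sent"] = True
        elif re.match(r"< HTTP/\d", line) or line.startswith("HeaderIn:"):
            # "HeaderIn:" is an assumed label, by analogy with "HeaderOut:".
            f["response_seen"] = True
        elif f["handshake_done"] and re.search(r"\(IN\), TLS alert\b", line):
            f["alert_after_handshake"] = True
        elif line.startswith("Empty reply from server"):
            f["empty_reply"] = True
    if f["response_seen"]:
        verdict = "response-received"
    elif f["alert_after_handshake"] or f["empty_reply"]:
        verdict = "tls-failure-no-response"  # must not be surfaced as success
    elif not f["handshake_done"]:
        verdict = "handshake-incomplete"
    else:
        verdict = "no-response"
    return verdict, f

for name, trace in (("failing", FAILING_TRACE), ("working", WORKING_TRACE)):
    print(name, analyze_trace(trace)[0])
```

Note that certificate verification succeeds in both traces; the failing one is distinguished only by the incoming alert after the request and the missing response headers.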
