New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Crash on OSX #1450

Closed
teyrow opened this Issue Apr 25, 2017 · 7 comments

Comments

Projects
None yet
4 participants
@teyrow

teyrow commented Apr 25, 2017

I did this

curl --cacert ./ca.modio.se.cacert --cert ./hsb-demo.crt --key ./hsb-demo.key https://api.moodio.se/

I expected the following

Download or error

curl/libcurl version

using system curl:
$ which curl
/usr/bin/curl

curl 7.51.0 (x86_64-apple-darwin16.0) libcurl/7.51.0 SecureTransport zlib/1.2.8
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets

2017-04-25 14:50:23.802 curl[47694:4961444] *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[__NSPlaceholderArray initWithObjects:count:]: attempt to insert nil object from objects[0]'
*** First throw call stack:
(
0 CoreFoundation 0x00007fffa197237b __exceptionPreprocess + 171
1 libobjc.A.dylib 0x00007fffb676648d objc_exception_throw + 48
2 CoreFoundation 0x00007fffa1868184 -[__NSPlaceholderArray initWithObjects:count:] + 276
3 libcurl.4.dylib 0x00007fffb605c45f darwinssl_connect_common + 2166
4 libcurl.4.dylib 0x00007fffb605aa85 Curl_ssl_connect_nonblocking + 77
5 libcurl.4.dylib 0x00007fffb6022631 https_connecting + 23
6 libcurl.4.dylib 0x00007fffb60225fc Curl_http_connect + 71
7 libcurl.4.dylib 0x00007fffb6030c4d Curl_protocol_connect + 127
8 libcurl.4.dylib 0x00007fffb6044f2f multi_runsingle + 921
9 libcurl.4.dylib 0x00007fffb6044b1d curl_multi_perform + 92
10 libcurl.4.dylib 0x00007fffb603daa9 curl_easy_perform + 339
11 curl 0x0000000101e7558d curl + 46477
12 curl 0x0000000101e72515 curl + 34069
13 curl 0x0000000101e71dcf curl + 32207
14 libdyld.dylib 0x00007fffb704b235 start + 1
)
libc++abi.dylib: terminating with uncaught exception of type NSException
Abort trap: 6

operating system

Darwin rambo.local 16.5.0 Darwin Kernel Version 16.5.0: Fri Mar 3 16:52:33 PST 2017; root:xnu-3789.51.2~3/RELEASE_X86_64 x86_64

@bagder

This comment has been minimized.

Member

bagder commented Apr 25, 2017

Tell us more about the cert + key you're using. Can we generate/get a similar set somehow?

@bagder bagder added the SSL/TLS label Apr 25, 2017

@Spindel

This comment has been minimized.

Spindel commented Apr 25, 2017

Can't rightly give you a cert signed by our core CA, but I set up a new CA cert and signed a cert for you here:

foo.zip

@nickzman

This comment has been minimized.

Collaborator

nickzman commented Apr 26, 2017

  1. I cannot reproduce this crash in the latest version of curl.
  2. You cannot use the --key option when curl is built to use Secure Transport. If you want to use a client-side certificate and private key, you must either use a Keychain item, or you must use a PKCS#12 file that includes both the certificate and key.
  3. If the certificate is self-signed, I would recommend importing it into your Keychain so you don't have to use --cacert. The --cacert option is present mainly for backward compatibility with scripts written for other POSIX systems.
@bagder

This comment has been minimized.

Member

bagder commented May 3, 2017

I made it happen once with current git master but it doesn't happen on subsequent invokes:

$ ~/src/curl/src/curl --cacert ./caramel.ca.cert --cert ./client.example.com.crt --key ./client.example.com.key https://api.moodio.se

2017-05-03 11:05:01.279 curl[19157:311252] *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[__NSPlaceholderArray initWithObjects:count:]: attempt to insert nil object from objects[0]'
*** First throw call stack:
(
        0   CoreFoundation                      0x00007fffd2a7d37b __exceptionPreprocess + 171
        1   libobjc.A.dylib                     0x00007fffe787148d objc_exception_throw + 48
        2   CoreFoundation                      0x00007fffd2973184 -[__NSPlaceholderArray initWithObjects:count:] + 276
        3   curl                                0x000000010bd5b00b darwinssl_connect_step1 + 3275
        4   curl                                0x000000010bd59a53 darwinssl_connect_common + 211
        5   curl                                0x000000010bd5997a Curl_darwinssl_connect_nonblocking + 42
        6   curl                                0x000000010bd5810b Curl_ssl_connect_nonblocking + 155
        7   curl                                0x000000010bce9616 https_connecting + 134
        8   curl                                0x000000010bce9526 Curl_http_connect + 214
        9   curl                                0x000000010bd05ae9 Curl_protocol_connect + 313
        10  curl                                0x000000010bd2a5b9 multi_runsingle + 2441
        11  curl                                0x000000010bd29b6b curl_multi_perform + 123
        12  curl                                0x000000010bd1e090 easy_transfer + 336
        13  curl                                0x000000010bd1d234 easy_perform + 356
        14  curl                                0x000000010bd1d0c7 curl_easy_perform + 23
        15  curl                                0x000000010bcd23e1 operate_do + 26257
        16  curl                                0x000000010bccbca3 operate + 611
        17  curl                                0x000000010bcca9bf main + 127
        18  libdyld.dylib                       0x00007fffe8156235 start + 1
        19  ???                                 0x0000000000000008 0x0 + 8
)
libc++abi.dylib: terminating with uncaught exception of type NSException
Abort trap: 6

$ ~/src/curl/src/curl --cacert ./caramel.ca.cert --cert ./client.example.com.crt --key ./client.example.com.key https://api.moodio.se
curl: (58) SSL: Can't load the certificate "./client.example.com.crt" and its private key: OSStatus -25299
@nickzman

This comment has been minimized.

Collaborator

nickzman commented May 3, 2017

Hmm, though I can't reproduce it, I can see how this could happen. I've attached a patch that ought to prevent the crash from happening.

Reporter, could you please try it out and let me know how it goes?
1450.txt

@bagder

This comment has been minimized.

Member

bagder commented May 12, 2017

@teyrow, any news?

@bagder

This comment has been minimized.

Member

bagder commented May 16, 2017

@nickzman: I read the CopyIdentityWithLabel function just now, and I think your fix is indeed necessary as that function can return noErr together with a NULL pointer. So please merge that fix!

@nickzman nickzman closed this in c58063b May 17, 2017

@lock lock bot locked as resolved and limited conversation to collaborators May 6, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.