Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenSSL SSL_write: SSL_ERROR_SYSCALL, errno 0 #15101

Closed
gold22 opened this issue Oct 1, 2024 · 5 comments
Closed

OpenSSL SSL_write: SSL_ERROR_SYSCALL, errno 0 #15101

gold22 opened this issue Oct 1, 2024 · 5 comments
Assignees

Comments

@gold22
Copy link

gold22 commented Oct 1, 2024

I did this

Upload of files to an FTP storage via SSL is broken in 8.10.1.

Run code from the file
upload-test.txt

Upload fails with the error code 55

Curl version: 8.10.1
*   Trying 10.69.43.144:21...
* Connected to 10.69.43.144 (10.69.43.144) port 21
< 220 ProFTPD Server (ProFTPD) [10.69.43.144]
> AUTH SSL
< 234 AUTH SSL successful
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* Server certificate:
*  subject: C=CH; L=XX; O=XX; CN=XX; emailAddress=xx@xx.xx
*  start date: Sep 29 09:27:53 2024 GMT
*  expire date: Sep 29 09:27:53 2025 GMT
*  issuer: C=CH; L=XX; O=XX; CN=XX; emailAddress=xx@xx.xx
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Connected to 10.69.43.144 (10.69.43.144) port 21
> USER ftpuser
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< 331 Password required for ftpuser
> PASS ftppassword
< 230 User ftpuser logged in
> PBSZ 0
< 200 PBSZ 0 successful
> PROT P
< 200 Protection set to Private
> PWD
< 257 "/" is the current directory
* Entry path is '/'
* Request has same path as previous transfer
> EPSV
* Connect data stream passively
< 229 Entering Extended Passive Mode (|||49206|)
* Connecting to 10.69.43.144 (10.69.43.144) port 49206
*   Trying 10.69.43.144:49206...
* SSL reusing session ID
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
> TYPE I
< 200 Type set to I
> STOR test.out
< 150 Opening BINARY mode data connection for test.out
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / UNDEF
* Server certificate:
*  subject: C=CH; L=XX; O=XX; CN=XX; emailAddress=xx@xx.xx
*  start date: Sep 29 09:27:53 2024 GMT
*  expire date: Sep 29 09:27:53 2025 GMT
*  issuer: C=CH; L=XX; O=XX; CN=XX; emailAddress=xx@xx.xx
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* Connected 2nd connection to 10.69.43.144 port 49206
* OpenSSL SSL_write: SSL_ERROR_SYSCALL, errno 0
* closing connection #0
upload failed, code 55 (Failed sending data to the peer).

I expected the following

Upload succeeds

curl/libcurl version

libcurl 8.10.1

operating system

Ubuntu 24.04 x86_64
Microsoft Windows Server 2022 x86_64

@icing
Copy link
Contributor

icing commented Oct 1, 2024

Thanks for the report. Could you add a trace with -v --trace-config all for this situation?

@gold22
Copy link
Author

gold22 commented Oct 1, 2024

I cannot reproduce it with the curl utility, it is reproduced with code example upload-test.txt. The example uses the curl multi interface.

@icing
Copy link
Contributor

icing commented Oct 1, 2024

I see. In that case, could you add the following line to the sample code, right after curl_global_init()?

curl_global_trace("all");

That will give more tracing at what is happening at the network level while talking to your server.

@gold22
Copy link
Author

gold22 commented Oct 1, 2024

Curl version: 8.10.1
* [READ] client_reset, clear readers
* [FTP] [STOP] setup connection -> 0
* [SETUP] added
* [HAPPY-EYEBALLS] created ipv4 (timeout 299998ms)
* [HAPPY-EYEBALLS] ipv4 starting (timeout=299998ms)
*   Trying 10.69.43.144:21...
* [TCP] cf_socket_open() -> 0, fd=5
* [TCP] local address 10.69.45.55 port 44096...
* [HAPPY-EYEBALLS] ipv4 connect -> 0, connected=0
* [TCP] adjust_pollset, !connected, POLLOUT fd=5
* [HAPPY-EYEBALLS] adjust_pollset -> 1 socks
* [TCP] connected
* [HAPPY-EYEBALLS] ipv4 connect -> 0, connected=1
* [HAPPY-EYEBALLS] Connected to 10.69.43.144 (10.69.43.144) port 21
* Connected to 10.69.43.144 (10.69.43.144) port 21
* [FTP] [STOP] -> [WAIT220]
* [TCP] recv(len=900) -> 45, err=0
< 220 ProFTPD Server (ProFTPD) [10.69.43.144]
* [WRITE] download_write header(type=2, blen=45) -> 0
* [WRITE] client_write(type=2, len=45) -> 0
* [TCP] send(len=10) -> 10, err=0
> AUTH SSL
* [FTP] [WAIT220] -> [AUTH]
* [TCP] recv(len=900) -> 25, err=0
< 234 AUTH SSL successful
* [WRITE] download_write header(type=2, blen=25) -> 0
* [WRITE] client_write(type=2, len=25) -> 0
* [SSL] added
* [SSL] cf_connect()
* [SSL] No cached session ID for ftp://10.69.43.144:21
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* [TCP] send(len=517) -> 517, err=0
* [SSL] ossl_bio_cf_out_write(len=517) -> 517, err=0
* [TCP] recv(len=5) -> -1, err=81
* [SSL] ossl_bio_cf_in_read(len=5) -> -1, err=81
* [SSL] populate_x509_store, path=/etc/ssl/certs/ca-certificates.crt, blob=0
* [SSL] SSL_connect() -> err=-1, detail=2
* [SSL] SSL_connect() -> want recv
* [TCP] recv(len=5) -> 5, err=0
* [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP] recv(len=122) -> 122, err=0
* [SSL] ossl_bio_cf_in_read(len=122) -> 122, err=0
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* [TCP] recv(len=5) -> 5, err=0
* [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP] recv(len=1) -> 1, err=0
* [SSL] ossl_bio_cf_in_read(len=1) -> 1, err=0
* [TCP] recv(len=5) -> 5, err=0
* [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP] recv(len=23) -> 23, err=0
* [SSL] ossl_bio_cf_in_read(len=23) -> 23, err=0
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* [TCP] recv(len=5) -> 5, err=0
* [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP] recv(len=924) -> 924, err=0
* [SSL] ossl_bio_cf_in_read(len=924) -> 924, err=0
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* [TCP] recv(len=5) -> 5, err=0
* [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP] recv(len=281) -> 281, err=0
* [SSL] ossl_bio_cf_in_read(len=281) -> 281, err=0
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* [TCP] recv(len=5) -> 5, err=0
* [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP] recv(len=69) -> 69, err=0
* [SSL] ossl_bio_cf_in_read(len=69) -> 69, err=0
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* [TCP] send(len=80) -> 80, err=0
* [SSL] ossl_bio_cf_out_write(len=80) -> 80, err=0
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* Server certificate:
*  subject: C=CH; L=XX; O=XX; CN=XX; emailAddress=xx@xx.xx
*  start date: Sep 29 09:27:53 2024 GMT
*  expire date: Sep 29 09:27:53 2025 GMT
*  issuer: C=CH; L=XX; O=XX; CN=XX; emailAddress=xx@xx.xx
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* [SSL] cf_connect() -> 0, done=1
* Connected to 10.69.43.144 (10.69.43.144) port 21
* [TCP] send(len=36) -> 36, err=0
* [SSL] ossl_bio_cf_out_write(len=36) -> 36, err=0
> USER ftpuser
* [FTP] [AUTH] -> [USER]
* [TCP] recv(len=5) -> 5, err=0
* [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP] recv(len=282) -> 282, err=0
* [SSL] ossl_bio_cf_in_read(len=282) -> 282, err=0
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* [SSL] No cached session ID for ftp://10.69.43.144:21
* [SSL] Added Session ID to cache for ftp://10.69.43.144:21 [server]
* [TCP] recv(len=5) -> 5, err=0
* [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP] recv(len=282) -> 282, err=0
* [SSL] ossl_bio_cf_in_read(len=282) -> 282, err=0
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* [SSL] Found cached session ID for ftp://10.69.43.144:21
* [SSL] Added Session ID to cache for ftp://10.69.43.144:21 [server]
* [TCP] recv(len=5) -> -1, err=81
* [SSL] ossl_bio_cf_in_read(len=5) -> -1, err=81
* [SSL] cf_recv(len=900) -> -1, 81
* [TCP] recv(len=5) -> 5, err=0
* [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP] recv(len=52) -> 52, err=0
* [SSL] ossl_bio_cf_in_read(len=52) -> 52, err=0
* [SSL] cf_recv(len=900) -> 35, 0
< 331 Password required for ftpuser
* [WRITE] download_write header(type=2, blen=35) -> 0
* [WRITE] client_write(type=2, len=35) -> 0
* [TCP] send(len=39) -> 39, err=0
* [SSL] ossl_bio_cf_out_write(len=39) -> 39, err=0
> PASS ftppassword
* [FTP] [USER] -> [PASS]
* [TCP] recv(len=5) -> 5, err=0
* [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP] recv(len=45) -> 45, err=0
* [SSL] ossl_bio_cf_in_read(len=45) -> 45, err=0
* [SSL] cf_recv(len=900) -> 28, 0
< 230 User ftpuser logged in
* [WRITE] download_write header(type=2, blen=28) -> 0
* [WRITE] client_write(type=2, len=28) -> 0
* [TCP] send(len=30) -> 30, err=0
* [SSL] ossl_bio_cf_out_write(len=30) -> 30, err=0
> PBSZ 0
* [FTP] [PASS] -> [PBSZ]
* [TCP] recv(len=5) -> 5, err=0
* [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP] recv(len=40) -> 40, err=0
* [SSL] ossl_bio_cf_in_read(len=40) -> 40, err=0
* [SSL] cf_recv(len=900) -> 23, 0
< 200 PBSZ 0 successful
* [WRITE] download_write header(type=2, blen=23) -> 0
* [WRITE] client_write(type=2, len=23) -> 0
* [TCP] send(len=30) -> 30, err=0
* [SSL] ossl_bio_cf_out_write(len=30) -> 30, err=0
> PROT P
* [FTP] [PBSZ] -> [PROT]
* [TCP] recv(len=5) -> 5, err=0
* [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP] recv(len=48) -> 48, err=0
* [SSL] ossl_bio_cf_in_read(len=48) -> 48, err=0
* [SSL] cf_recv(len=900) -> 31, 0
< 200 Protection set to Private
* [WRITE] download_write header(type=2, blen=31) -> 0
* [WRITE] client_write(type=2, len=31) -> 0
* [TCP] send(len=27) -> 27, err=0
* [SSL] ossl_bio_cf_out_write(len=27) -> 27, err=0
> PWD
* [FTP] [PROT] -> [PWD]
* [TCP] recv(len=5) -> 5, err=0
* [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP] recv(len=51) -> 51, err=0
* [SSL] ossl_bio_cf_in_read(len=51) -> 51, err=0
* [SSL] cf_recv(len=900) -> 34, 0
< 257 "/" is the current directory
* [WRITE] download_write header(type=2, blen=34) -> 0
* [WRITE] client_write(type=2, len=34) -> 0
* Entry path is '/'
* [FTP] [PWD] -> [STOP]
* [FTP] [STOP] protocol connect phase DONE
* Request has same path as previous transfer
* [FTP] [STOP] DO phase starts
* [TCP] send(len=28) -> 28, err=0
* [SSL] ossl_bio_cf_out_write(len=28) -> 28, err=0
> EPSV
* [FTP] [STOP] -> [PASV]
* Connect data stream passively
* [FTP] [PASV] perform, awaiting DATA connect
* [TCP] recv(len=5) -> 5, err=0
* [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP] recv(len=65) -> 65, err=0
* [SSL] ossl_bio_cf_in_read(len=65) -> 65, err=0
* [SSL] cf_recv(len=900) -> 48, 0
< 229 Entering Extended Passive Mode (|||58419|)
* [WRITE] download_write header(type=2, blen=48) -> 0
* [WRITE] client_write(type=2, len=48) -> 0
* [SETUP-1] added
* Connecting to 10.69.43.144 (10.69.43.144) port 58419
* [FTP] [PASV] -> [STOP]
* [FTP] [STOP] DO phase is complete2
* [HAPPY-EYEBALLS-1] created ipv4 (timeout 299668ms)
* [HAPPY-EYEBALLS-1] ipv4 starting (timeout=299668ms)
*   Trying 10.69.43.144:58419...
* [TCP-1] cf_socket_open() -> 0, fd=6
* [TCP-1] local address 10.69.45.55 port 60618...
* [HAPPY-EYEBALLS-1] ipv4 connect -> 0, connected=0
* [FTP] [STOP] ftp_domore_getsock()
* [TCP-1] adjust_pollset, !connected, POLLOUT fd=6
* [HAPPY-EYEBALLS-1] adjust_pollset -> 2 socks
* [TCP-1] connected
* [HAPPY-EYEBALLS-1] ipv4 connect -> 0, connected=1
* [HAPPY-EYEBALLS-1] Connected to 10.69.43.144 (10.69.43.144) port 58419
* [SSL-1] cf_connect()
* [SSL-1] Found cached session ID for ftp://10.69.43.144:21
* SSL reusing session ID
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* [TCP-1] send(len=596) -> 596, err=0
* [SSL-1] ossl_bio_cf_out_write(len=596) -> 596, err=0
* [TCP-1] recv(len=5) -> -1, err=81
* [SSL-1] ossl_bio_cf_in_read(len=5) -> -1, err=81
* [SSL-1] populate_x509_store, path=/etc/ssl/certs/ca-certificates.crt, blob=0
* [SSL-1] SSL_connect() -> err=-1, detail=2
* [SSL-1] SSL_connect() -> want recv
* [SSL-1] cf_connect() -> 0, done=0
* [TCP] send(len=30) -> 30, err=0
* [SSL] ossl_bio_cf_out_write(len=30) -> 30, err=0
> TYPE I
* [FTP] [STOP] -> [STOR_TYPE]
* [FTP] [STOR_TYPE] ftp_domore_getsock()
* [SSL-1] adjust_pollset, POLLIN fd=6
* [TCP-1] adjust_pollset, !active, POLLIN fd=6
* [SSL-1] cf_connect()
* [TCP-1] recv(len=5) -> -1, err=81
* [SSL-1] ossl_bio_cf_in_read(len=5) -> -1, err=81
* [SSL-1] SSL_connect() -> err=-1, detail=2
* [SSL-1] SSL_connect() -> want recv
* [SSL-1] cf_connect() -> 0, done=0
* [TCP] recv(len=5) -> 5, err=0
* [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP] recv(len=36) -> 36, err=0
* [SSL] ossl_bio_cf_in_read(len=36) -> 36, err=0
* [SSL] cf_recv(len=900) -> 19, 0
< 200 Type set to I
* [WRITE] download_write header(type=2, blen=19) -> 0
* [WRITE] client_write(type=2, len=19) -> 0
* [TCP] send(len=37) -> 37, err=0
* [SSL] ossl_bio_cf_out_write(len=37) -> 37, err=0
> STOR test.out
* [FTP] [STOR_TYPE] -> [STOR]
* [FTP] [STOR] ftp_domore_getsock()
* [SSL-1] adjust_pollset, POLLIN fd=6
* [TCP-1] adjust_pollset, !active, POLLIN fd=6
* [SSL-1] cf_connect()
* [TCP-1] recv(len=5) -> -1, err=81
* [SSL-1] ossl_bio_cf_in_read(len=5) -> -1, err=81
* [SSL-1] SSL_connect() -> err=-1, detail=2
* [SSL-1] SSL_connect() -> want recv
* [SSL-1] cf_connect() -> 0, done=0
* [TCP] recv(len=5) -> 5, err=0
* [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP] recv(len=71) -> 71, err=0
* [SSL] ossl_bio_cf_in_read(len=71) -> 71, err=0
* [SSL] cf_recv(len=900) -> 54, 0
< 150 Opening BINARY mode data connection for test.out
* [WRITE] download_write header(type=2, blen=54) -> 0
* [WRITE] client_write(type=2, len=54) -> 0
* [FTP] InitiateTransfer()
* [SSL-1] cf_connect()
* [TCP-1] recv(len=5) -> -1, err=81
* [SSL-1] ossl_bio_cf_in_read(len=5) -> -1, err=81
* [SSL-1] SSL_connect() -> err=-1, detail=2
* [SSL-1] SSL_connect() -> want recv
* [TCP-1] recv(len=5) -> 5, err=0
* [SSL-1] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP-1] recv(len=128) -> 128, err=0
* [SSL-1] ossl_bio_cf_in_read(len=128) -> 128, err=0
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* [TCP-1] recv(len=5) -> 5, err=0
* [SSL-1] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP-1] recv(len=1) -> 1, err=0
* [SSL-1] ossl_bio_cf_in_read(len=1) -> 1, err=0
* [TCP-1] recv(len=5) -> 5, err=0
* [SSL-1] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP-1] recv(len=23) -> 23, err=0
* [SSL-1] ossl_bio_cf_in_read(len=23) -> 23, err=0
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* [TCP-1] recv(len=5) -> 5, err=0
* [SSL-1] ossl_bio_cf_in_read(len=5) -> 5, err=0
* [TCP-1] recv(len=69) -> 69, err=0
* [SSL-1] ossl_bio_cf_in_read(len=69) -> 69, err=0
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* [TCP-1] send(len=80) -> 80, err=0
* [SSL-1] ossl_bio_cf_out_write(len=80) -> 80, err=0
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / UNDEF
* Server certificate:
*  subject: C=CH; L=XX; O=XX; CN=XX; emailAddress=xx@xx.xx
*  start date: Sep 29 09:27:53 2024 GMT
*  expire date: Sep 29 09:27:53 2025 GMT
*  issuer: C=CH; L=XX; O=XX; CN=XX; emailAddress=xx@xx.xx
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* [SSL-1] cf_connect() -> 0, done=1
* Connected 2nd connection to 10.69.43.144 port 58419
* [FTP] [STOR] -> [STOP]
* [READ] add fread reader, len=-1 -> 0
* [READ] cr_in_read(len=65536, total=-1, read=26) -> 0, nread=26, eos=0
* [READ] client_read(len=65536) -> 0, nread=26, eos=0
* [TCP-1] send(len=48) -> 48, err=0
* [SSL-1] ossl_bio_cf_out_write(len=48) -> 48, err=0
* [READ] cr_in_read(len=65536, total=-1, read=26) -> 0, nread=0, eos=1
* [READ] client_read(len=65536) -> 0, nread=0, eos=1
* OpenSSL SSL_write: SSL_ERROR_SYSCALL, errno 0
* [FTP] [STOP] closing DATA connection
* [SETUP-1] close
* [HAPPY-EYEBALLS-1] close
* [TCP-1] cf_socket_close(6)
* [TCP-1] destroy
* [HAPPY-EYEBALLS-1] destroy
* [SETUP-1] destroy
* [FTP] [STOP] done, result=55
* [WRITE] cw-out done
* closing connection #0
* [SETUP] close
* [HAPPY-EYEBALLS] close
* [TCP] cf_socket_close(5)
* [TCP] destroy
* [HAPPY-EYEBALLS] destroy
* [SETUP] destroy
upload failed, code 55 (Failed sending data to the peer).

@icing
Copy link
Contributor

icing commented Oct 1, 2024

Thanks. I made #15102 with a test case and a fix for this.

@bagder bagder closed this as completed in 72d2090 Oct 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

No branches or pull requests

3 participants