(1) request an invalid https url and the result is failed, bacause curl: (60) SSL certificate problem: certificate has expired
(2) then use http3(with quiche) try again, a Segmentation fault happend, curl can not return error info like(1)
(1) normal request
# ./curl -v "https://akaquic.com/web_example/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.2.2"
* STATE: INIT => CONNECT handle 0xdd0d48; line 1646 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => WAITRESOLVE handle 0xdd0d48; line 1692 (connection #0)
* family0 == v4, family1 == v6
* Trying 184.51.102.201:443...
* STATE: WAITRESOLVE => WAITCONNECT handle 0xdd0d48; line 1774 (connection #0)
* Connected to akaquic.com (184.51.102.201) port 443 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0xdd0d48; line 1840 (connection #0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0xdd0d48; line 1858 (connection #0)
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, certificate expired (557):
* SSL certificate problem: certificate has expired
* multi_done
* The cache now contains 0 members
* Closing connection 0
* Expire cleared (transfer 0xdd0d48)
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
(2) http3 request
# ./curl -v --http3 "https://akaquic.com/web_example/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.2.2"
* STATE: INIT => CONNECT handle 0x77bd48; line 1646 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => WAITRESOLVE handle 0x77bd48; line 1692 (connection #0)
* family0 == v4, family1 == v6
* Trying 184.51.102.201:443...
* Connect socket 5 over QUIC to 184.51.102.201:443
* Sent QUIC client Initial, ALPN: h3-29,h3-28,h3-27
* STATE: WAITRESOLVE => WAITCONNECT handle 0x77bd48; line 1774 (connection #0)
* quiche_conn_recv() == -3
Segmentation fault
I expected the following
using gdb to locate SIGSEGV, and the stack is
(gdb) r -v --http3 "https://akaquic.com/web_example/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.2.2"
Starting program: /data/download/curl-7.75.0/zbin/bin/curl -v --http3 "https://akaquic.com/web_example/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.2.2"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
* STATE: INIT => CONNECT handle 0x657d48; line 1646 (connection #-5000)
* Added connection 0. The cache now contains 1 members
[New Thread 0x2aaab2b16700 (LWP 8001)]
* STATE: CONNECT => WAITRESOLVE handle 0x657d48; line 1692 (connection #0)
[Thread 0x2aaab2b16700 (LWP 8001) exited]
* family0 == v4, family1 == v6
* Trying 184.51.102.195:443...
* Connect socket 9 over QUIC to 184.51.102.195:443
* Sent QUIC client Initial, ALPN: h3-29,h3-28,h3-27
* STATE: WAITRESOLVE => WAITCONNECT handle 0x657d48; line 1774 (connection #0)
* quiche_conn_recv() == -3
Program received signal SIGSEGV, Segmentation fault.
quiche::Connection::on_timeout::hb3b1496011e1cad3 (self=0x0) at src/lib.rs:3454
3454 if let Some(draining_timer) = self.draining_timer {
Missing separate debuginfos, use: debuginfo-install libgcc-4.8.5-16.el7_4.2.x86_64 zlib-1.2.7-17.el7.x86_64
(gdb)
(gdb) bt
#0 quiche::Connection::on_timeout::hb3b1496011e1cad3 (self=0x0) at src/lib.rs:3454
#1 0x00002aaaaba619cb in quiche_conn_on_timeout (conn=0x0) at src/ffi.rs:701
#2 0x00002aaaaad79d1a in process_ingress (data=0x657d48, sockfd=9, qs=0x656e10) at vquic/quiche.c:364
#3 0x00002aaaaad79c47 in Curl_quic_is_connected (data=0x657d48, conn=0x656d78, sockindex=0, done=0x7fffffffddc7) at vquic/quiche.c:336
#4 0x00002aaaaacf7302 in Curl_is_connected (data=0x657d48, conn=0x656d78, sockindex=0, connected=0x7fffffffddc7) at connect.c:901
#5 0x00002aaaaad3426f in multi_runsingle (multi=0x656998, nowp=0x7fffffffdf10, data=0x657d48) at multi.c:1822
#6 0x00002aaaaad35630 in curl_multi_perform (multi=0x656998, running_handles=0x7fffffffdf64) at multi.c:2412
#7 0x00002aaaaad063c7 in easy_transfer (multi=0x656998) at easy.c:606
#8 0x00002aaaaad065f0 in easy_perform (data=0x657d48, events=false) at easy.c:696
#9 0x00002aaaaad0663a in curl_easy_perform (data=0x657d48) at easy.c:715
#10 0x000000000041b446 in serial_transfers (global=0x7fffffffe180, share=0x653748) at tool_operate.c:2326
#11 0x000000000041b8ba in run_all_transfers (global=0x7fffffffe180, share=0x653748, result=CURLE_OK) at tool_operate.c:2504
#12 0x000000000041bbdc in operate (global=0x7fffffffe180, argc=4, argv=0x7fffffffe2e8) at tool_operate.c:2620
#13 0x0000000000411efc in main (argc=4, argv=0x7fffffffe2e8) at tool_main.c:277
frame #2 process_ingress() passed qs->conn to quiche's method quiche_conn_on_timeout()
and the qs is from conn->hequic, but both quicsocket in conn->hequic is invalid
I tried it with current curl in git with current quiche from git (0.7.0) and I can reproduce a crash, even if I seem to get a slightly different stack trace.
I ran into issues when I tried to rebuild quiche and now I can't do it anymore. I've filed an issue over there cloudflare/quiche#863 and will come back here once I can build quiche again! 😢
I did this
(1) request an invalid https url and the result is failed, bacause
curl: (60) SSL certificate problem: certificate has expired
(2) then use http3(with quiche) try again, a Segmentation fault happend, curl can not return error info like(1)
(1) normal request
(2) http3 request
I expected the following
using gdb to locate SIGSEGV, and the stack is
frame
#2 process_ingress()
passedqs->conn
to quiche's methodquiche_conn_on_timeout()
and the
qs
is fromconn->hequic
, but bothquicsocket
inconn->hequic
is invalidcurl/libcurl version
operating system
Linux centos7.virtual 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered: