openssl provider hangs curl #7840
Comments
If it can be detected that easily, then it seems like something OpenSSL should do by itself rather than to force every openssl-application out there to implement the same check. OpenSSL allows openssl-users to shoot themselves in the foot. Is that our job to warn said users maybe shooting feet is bad?
Good point. Will try to reproduce the problem surfacing independently of curl and then open an issue in OpenSSL.
@bagder After failing to reproduce in OpenSSL alone the issue, I built a debug-curl and found the problem to be this: curl hangs in
Why does it hang because of that?
Because this is an endless loop in that case: Line 508 in d36fded
One reason we know it can fail is if a provider is used that doesn't do a proper job.
Reported-by: Michael Baentsch
Fixes #7840
#7856 should avoid the hang and return an error for this case. Can you verify?
It does. Thanks!
I built curl using a current openssl (3.x/master) and activated a (third-party) openssl provider by adding to openssl.cnf as follows:
I expected simple commands like curl https://www.google.com to keep working.
What happened instead was a silent hang. Even adding -vvv didn't reveal anything.
When looking into the problem I admit to have not heeded the explicit warning in the openssl.cnf file:
So, when activating the default provider via
everything worked OK.
I consider this silent hang a bug -- but am unsure as to whether it is a curl or openssl bug. When testing the same config file using openssl s_client, though, a tell-tale error message was output and the command terminated:
-> Thus the issue is created here: curl in my eyes should issue a similar error message and not hang.
I did this on master:
curl 7.80.0-DEV (x86_64-pc-linux-gnu) libcurl/7.80.0-DEV OpenSSL/3.1.0 zlib/1.2.11
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets
on
Linux T430s 5.4.0-87-generic #98~18.04.1-Ubuntu SMP Wed Sep 22 10:45:04 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux