Please login or register. December 18, 2017, 12:49:43 PM

Author Topic: curl: (35) Unknown SSL protocol error  (Read 2979 times)

0 Members and 1 Guest are viewing this topic.

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1056
  • Karma: +0/-0
Re: curl: (35) Unknown SSL protocol error
« Reply #10 on: January 18, 2017, 07:17:41 AM »
I "forgot" something - in the hurry to get out the new version - the argument --with-cabundle - which the first version did have!

Here is the begin of both 'config.log' files:

Quote
==> curl-7.50.3/config.log <==
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by curl configure -, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  $ ../src/curl-7.50.3/configure --prefix=/opt --sysconfdir=/var/curl/etc --sharedstatedir=/var/curl/com --localstatedir=/var/curl --mandir=/usr/share/man --infodir=/opt/share/info/curl --enable-symbol-hiding --disable-debug --enable-ipv6 --enable-threaded-resolver --enable-crypto-auth --with-ca-bundle=/var/ssl/cacert.pem

## --------- ##
## Platform. ##

==> curl-7.52.1/config.log <==
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by curl configure -, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  $ ../src/curl-7.52.1/configure --prefix=/opt --sysconfdir=/var/curl/etc --sharedstatedir=/var/curl/com --localstatedir=/var/curl --mandir=/usr/share/man --infodir=/opt/share/info/curl

## --------- ##
## Platform. ##
If you would be so kind to test: I will package two versions. Both will have the --with-ca-bundle setting, but one will have only that, and the other will have the additional arguments ( --enable-symbol-hiding --disable-debug --enable-ipv6 --enable-threaded-resolver --enable-crypto-auth). I am wondering if one, or the combination, of those arguments prevented the previous version from working.

Michael
« Last Edit: January 18, 2017, 08:02:39 AM by Michael »

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1056
  • Karma: +0/-0
Re: curl: (35) Unknown SSL protocol error
« Reply #11 on: January 18, 2017, 07:54:40 AM »
I have prepared two test versions (.001 and .002) - available via http://download.aixtools.net/test

Prepare for testing

a) download the two test versions from http://download.aixtools.net/test
b) copy the .pem file (the original removes it's copy, the test versions do not contain one)

Code: [Select]
root@x064:[/data/prj/aixtools/curl-7.52.1]ls -l /var/ssl
total 544
-rw-r--r--   1 bin      bin          263596 Jan 18 07:37 cacert-2016-11-02.pem
lrwxrwxrwx   1 root     system           30 Jan 18 07:31 cacert.pem -> /var/ssl/cacert-2016-11-02.pem
drwxr-xr-x   2 root     system          256 Jan 06 08:42 misc
-rw-r--r--   1 root     system        11485 Jan 06 08:42 openssl.cnf
root@x064:[/data/prj/aixtools/curl-7.52.1]rm /var/ssl/cacert.pem
root@x064:[/data/prj/aixtools/curl-7.52.1]cp -p /var/ssl/cacert-2016-11-02.pem /var/ssl/cacert.pem
root@x064:[/data/prj/aixtools/curl-7.52.1]ls -li /var/ssl
total 1064
  262 -rw-r--r--   1 bin      bin          263596 Jan 18 07:37 cacert-2016-11-02.pem
  315 -rw-r--r--   1 bin      bin          263596 Jan 18 07:37 cacert.pem
  221 drwxr-xr-x   2 root     system          256 Jan 06 08:42 misc
  232 -rw-r--r--   1 root     system        11485 Jan 06 08:42 openssl.cnf

Install one test version, e.g. 002 with:
!! Notice that the complete filename is used (so that installp does not make/read .toc)

Code: [Select]
root@x064:[/data/prj/aixtools/curl-7.52.1]installp -d /data/httpd/test/aixtools.curl.7.52.1.0.I.002 -aF aixtools.curl.rte
And the copy .pem is still there!

Code: [Select]
root@x064:[/data/prj/aixtools/curl-7.52.1]ls -li /var/ssl
total 544
  315 -rw-r--r--   1 bin      bin          263596 Jan 18 07:37 cacert.pem
  221 drwxr-xr-x   2 root     system          256 Jan 06 08:42 misc
  232 -rw-r--r--   1 root     system        11485 Jan 06 08:42 openssl.cnf


Perform your test.

Install the other (again, full pathname)

Code: [Select]
root@x064:[/data/prj/aixtools/curl-7.52.1]installp -d /data/httpd/test/aixtools.curl.7.52.1.0.I.001 -aF aixtools.curl.rte

root@x064:[/data/prj/aixtools/curl-7.52.1]ls -li /var/ssl
total 544
  315 -rw-r--r--   1 bin      bin          263596 Jan 18 07:37 cacert.pem
  221 drwxr-xr-x   2 root     system          256 Jan 06 08:42 misc
  232 -rw-r--r--   1 root     system        11485 Jan 06 08:42 openssl.cnf

Test again.

If one works, but the other does not - depending on your time - I will make different setups to test. If they both work - I'll still be scratching my head why the first version did not work (unless their key needs something in the new pem file) - or maybe a bug now fixed!

Note: the other key difference is the test versions are 32-bit while the 'regular' version is 64-bit.

Thanks for your feedback!