Discussion:
Client is sending RST after receiving the Encrypted Alert message
j***@smartplayin.com
2011-05-22 11:17:21 UTC
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Daniel Stenberg
2011-05-23 07:30:27 UTC
> I am using the curl version 7.18.0

I'm sure you're aware that version is slightly old by now.

> working on the client. Client is communicating with server using SSL
> (openssl 0.9.8f) and after the data transfer has happened, after sending the
> FIN from the client, server is responding with "Encrypted Alert" and FIN,
> Then client is immediately sending the RST. What could be the problem
> here?

When the communication (problem) is on the SSL level, then the SSL library
(openssl) is the one who's doing the decisions and if there's any wrong-doings
I think it would make a lot of sense to first make sure that you use the most
recent OpenSSL version. Your OpenSSL version is rather old too.
--
/ daniel.haxx.se
Young,Jim
2011-05-23 19:50:00 UTC
I ran into a minor buglet this morning - when curl tries to download a zero length file using sftp, it says it did the download but it never creates the file locally. I'm running curl on an AIX system and I've tested it against sftp servers running on AIX, Linux and Ipswitch's MOVEit EZ server. I see a "File already completely downloaded" message in the --verbose output but the file doesn't exist on the local host after curl finishes and curl's exit status is 0. I never would have noticed this except that MOVEit is so finicky that it causes curl to return an error when it tries to delete the file with a -Q "-rm ...." command option. (The QUOTE delete is part of the original script that I left off of the example below to simplify things.)

I see in libcurl a couple of years back there were some fixes put in for zero length files for http: protocol. (See http://curl.haxx.se/mail/lib-2008-11/0134.html) Is this the same problem for sftp & ftp?

Here's the output from a short shell script showing the problem:

/bin/curl -V
curl 7.21.3 (powerpc-ibm-aix5.1.0.0) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.4 libidn/1.19 libssh2/1.2.7
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp

/bin/curl -u uid:pwd -v --key /home/jay/.ssh/id_dsa --pubkey /home/jay/.ssh/id_dsa.pub -O --url sftp://vtd//tmp/jay
Features: IDN IPv6 Largefile NTLM SSL libz
* About to connect() to vtd port 22 (#0)
* Trying 198.185.205.10... % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0connected
* Connected to vtd (198.185.205.10) port 22 (#0)
* Failed to read known hosts from /home/jay/.ssh/known_hosts
* SSH host check: 0, key: AAAAB3NzaC1yc2EAAAABIwAAAQEAxClm+tCD0zPg+o50pmqJSkyRTPZoQvbb5y0SsVFDGArkukON2EPqs+0Y7rrs03CJ/AcYC/rYN7ymoUfIyEtxIiUFeOTQkprin2Db99eczp9pQK91PaqmlhHnfySKfxIEi46mq3jqLvgM5PbRZ9VlBY7Kbg+hPyIPgl1mC+jS5c3MKbIy/eMrCc5oAap+DuoVqdiTxoT1x8ZCfGnaInTJyW33LWIUvfB2OSpJ+w/g4f/vJnKHkuqOWKmMDK3QcRAjqVluDIit/xlIMj/9bRD5vdiTkqpqWTe5ecae4zgs+wMtiJYjD3vgAtyeobNJ5zUlNxts/b4n/thG1MlPlc3rGw==
* SSH authentication methods available: publickey,password
* Using ssh public key file /home/jay/.ssh/id_dsa.pub
* Using ssh private key file /home/jay/.ssh/id_dsa
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0* SSH public key authentication failed: Username/PublicKey combination invalid
* Initialized password authentication
* Authentication complete
* File already completely downloaded
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0* Connection #0 to host vtd left intact

* Closing connection #0

Daniel Stenberg
2011-05-26 07:19:07 UTC
Post by Young,Jim
> I see in libcurl a couple of years back there were some fixes put in for
> zero length files for http: protocol. (See
> http://curl.haxx.se/mail/lib-2008-11/0134.html) Is this the same problem for
> sftp & ftp?

I figure it could very well be!

A really good exercise would be to add test cases for zero byte transfers for
each protocol curl supports, and then of course make sure that all test cases
do good...
--
/ daniel.haxx.se
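
Added example, not part of the original thread or of curl: a shell wrapper for the case reported above, where the transfer command exits 0 but the local file is never created. The function names, the 100/101 return codes and the stub commands are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): catch "exit status 0 but no local file".
# Return codes 100/101 are this script's own choice, picked so they do not
# collide with curl's documented exit codes.

# fetch_and_verify DEST CMD [ARGS...]
#   0    CMD succeeded and DEST holds data
#   100  CMD succeeded and DEST exists but is zero bytes
#   101  CMD reported success yet DEST was never created
#   else CMD's own non-zero exit status
fetch_and_verify() {
    dest=$1; shift
    rm -f -- "$dest"            # a stale copy must not mask a missing download
    status=0
    "$@" || status=$?
    [ "$status" -eq 0 ] || return "$status"
    [ -e "$dest" ] || return 101
    [ -s "$dest" ] || return 100
    return 0
}

# Constructed stand-ins for a transfer command, so the check runs offline.
stub_with_data()  { printf 'payload\n' > "$1"; }
stub_zero_bytes() { : > "$1"; }
stub_no_file()    { return 0; }     # the behaviour reported in the thread
stub_failure()    { return 7; }     # curl's exit code for "failed to connect"

# classify STUB: run one stub in a scratch directory, print the return code.
classify() {
    dir=$(mktemp -d) || return 1
    rc=0
    fetch_and_verify "$dir/jay" "$1" "$dir/jay" || rc=$?
    rm -rf -- "$dir"
    echo "$rc"
}

for s in stub_with_data stub_zero_bytes stub_no_file stub_failure; do
    echo "$s -> $(classify "$s")"
done

# Real use with the command from the post (run from the download directory);
# only go on to a remote delete when the result is 0 or 100:
#   fetch_and_verify jay curl -u uid:pwd -O --url sftp://vtd//tmp/jay
```

A script that deletes the remote file after the transfer can branch on 101 to stop before the delete, since curl's own exit status does not distinguish that case.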