Bug 1308791 - curl with libpsl
curl with libpsl
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: curl (Show other bugs)
24
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Kamil Dudka
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-16 00:40 EST by Remi Collet
Modified: 2016-03-08 09:53 EST (History)
4 users (show)

See Also:
Fixed In Version: curl-7.47.1-4.fc25 curl-7.47.1-4.fc24
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-03-03 04:22:06 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Remi Collet 2016-02-16 00:40:14 EST
Since curl is built with libpsl, pecl_http test suite fails.

This a tracker bug to not loose this.

Upstream report (with curl upstream involved)

libpsl: https://github.com/rockdaboot/libpsl/issues/48
pecl_http: https://github.com/m6w6/ext-http/issues/26


Perhaps we should revert this option for F24, waiting for a upstream fix.
Comment 1 Remi Collet 2016-02-16 00:42:35 EST
To summarize, all non qualified domain (ex: "localhost") are considered by libpsl as "public suffix", and thus curl ignore the cookie.

Add cicku, libpsl maintainer in CC.
Comment 2 Kamil Dudka 2016-02-16 01:57:27 EST
(In reply to Remi Collet from comment #0)
> Perhaps we should revert this option for F24, waiting for a upstream fix.

Given the fact that we have not received any bug report except the php-pecl-http one, I do not think this is a major regression requiring an immediate revert.  I would prefer to wait few more days to see whether the actual fix will go to libcurl or libpsl.

Paul, what is your opinion on this?  Should we revert the libpsl support now?
Comment 3 Remi Collet 2016-02-16 02:17:03 EST
After digging a little in other applications using the libpsl, I think the usage in libcurl is not correct (so the bug is "in" curl, not in libpsl)

The check should probably use psl_is_cookie_domain_acceptable instead of psl_is_public_suffix.
Comment 5 Kamil Dudka 2016-02-16 02:23:51 EST
Thanks for digging!  This is kind of surprising because the libcurl code your refer to is contributed by the libpsl maintainer:

https://github.com/curl/curl/commit/e77b5b74
Comment 6 Remi Collet 2016-02-16 02:24:11 EST
Also https://github.com/curl/curl/issues/658
Comment 7 Paul Howarth 2016-02-16 04:29:15 EST
(In reply to Kamil Dudka from comment #2)
> (In reply to Remi Collet from comment #0)
> > Perhaps we should revert this option for F24, waiting for a upstream fix.
> 
> Given the fact that we have not received any bug report except the
> php-pecl-http one, I do not think this is a major regression requiring an
> immediate revert.  I would prefer to wait few more days to see whether the
> actual fix will go to libcurl or libpsl.
> 
> Paul, what is your opinion on this?  Should we revert the libpsl support now?

I'm in favour of "wait and see" for the moment. The psl_is_cookie_domain_acceptable approach looks promising, as would allowing cookies for the same hostname as the HTTP host. I think it's likely that there will be a change in curl to address this anyway.
Comment 8 Jan Kurik 2016-02-24 10:22:14 EST
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle.
Changing version to '24'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase
Comment 9 Kamil Dudka 2016-03-03 02:12:43 EST
Could you please check whether curl-7.47.1-4.fc25 works good enough for you?

http://koji.fedoraproject.org/koji/buildinfo?buildID=741218
Comment 10 Remi Collet 2016-03-03 02:48:31 EST
See https://apps.fedoraproject.org/koschei/package/php-pecl-http

Yes, curl-7.47.1-4.fc25 fix this issue.
Thanks.
Comment 11 Kamil Dudka 2016-03-03 04:22:06 EST
Thanks for confirmation!  Fixed in curl-7.47.1-4.fc24.
Comment 12 Kamil Dudka 2016-03-08 09:53:06 EST
upstream commit:

https://github.com/curl/curl/commit/c140bd78

Note You need to log in before you can comment on or make changes to this bug.