Red Hat Bugzilla – Bug 1388162
HTTPS request hangs when HTTP proxy responds too soon
Last modified: 2017-08-01 13:02:31 EDT
Created attachment 1213507 [details] Proposed patch Description of problem: When using a proxy for HTTPS requests, the SSL handshake is started in the CURLM_STATE_WAITCONNECT state and typically completed in CURLM_STATE_PROTOCONNECT. Ocasionally, however, when the proxy responds fast enough, the SSL handshake can be completed before CURLM_STATE_PROTOCONNECT. Once in the CURLM_STATE_PROTOCONNECT state, nss_connect_common() is called.. At the very beginning, the function checks if the used connection is not already completed: if(connssl->state == ssl_connection_complete) return CURLE_OK; The problem is, the variable 'done' inidicating a completed handshake is not set to TRUE in this case. As a consequence, the state machine gets stuck in CURLM_STATE_PROTOCONNECT because the variable 'protocol_connect' will always be FALSE. I am attaching a patch that fixed the problem for me. Version-Release number of selected component (if applicable): curl-7.29.0-25.el7.s390x How reproducible: Randomly, but frequently enough. I only experienced this bug on s390x machines but other environments might be affected too. Steps to Reproduce: $ sudo yum -y install httpd mod_ssl squid $ sudo systemctl start httpd squid $ sudo echo OK > /var/www/html/test $ while curl -v -k -x localhost:3128 https://localhost/test; do sleep 1; done Actual results: * About to connect() to proxy localhost port 3128 (#0) * Trying ::1... * Connected to localhost (::1) port 3128 (#0) * Establish HTTP proxy tunnel to localhost:443 > CONNECT localhost:443 HTTP/1.1 > Host: localhost:443 > User-Agent: curl/7.29.0 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request * Initializing NSS with certpath: sql:/etc/pki/nssdb * skipping SSL peer certificate verification * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 * Server certificate: * subject: ... * start date: ... * expire date: ... * common name: ... * issuer: ... <hangs> Expected results: All requests are served successfully.
Comment on attachment 1213507 [details] Proposed patch Thanks for the patch! It looks good to me ... but we need to do the assignment in non-blocking mode only. Otherwise we would dereference a NULL pointer. I will push the patch upstream on your behalf (with the condition inserted).
upstream commit: https://github.com/curl/curl/commit/curl-7_50_3-100-geb84412
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:2016