488791 – curl-7.19.4-1 breaks pycurl

Bug 488791 - curl-7.19.4-1 breaks pycurl

Summary: curl-7.19.4-1 breaks pycurl

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	curl
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Jindrich Novy
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-03-05 19:04 UTC by Toshio Ernie Kuratomi
Modified:	2013-07-02 23:35 UTC (History)
CC List:	4 users (show)
Fixed In Version:	7.19.4-2.fc10
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-03-06 14:09:06 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Simple test case (323 bytes, text/x-python) 2009-03-05 19:08 UTC, Toshio Ernie Kuratomi	no flags	Details
View All

Description Toshio Ernie Kuratomi 2009-03-05 19:04:38 UTC

Description of problem:
Upon upgrading from curl-7.18.2-9 to curl-7.19.4-1 pycurl with SSL sites has broken.  I can make a single request to an SSL enabled site but all subsequent requests yield a traceback:

Traceback (most recent call last):
  File "bin/pkgdb-client", line 255, in <module>
    failedPackages.update(add_edit_package(pkgdb, options))
  File "bin/pkgdb-client", line 222, in add_edit_package
    groups=group_dict)
  File "/usr/lib/python2.6/site-packages/fedora/client/pkgdb.py", line 182, in add_edit_package
    auth=True, req_params=data)
  File "/usr/lib/python2.6/site-packages/fedora/client/baseclient.py", line 309, in send_request
    req_params = req_params, auth_params = auth_params)
  File "/usr/lib/python2.6/site-packages/fedora/client/proxyclient.py", line 254, in send_request
    request.perform()
pycurl.error: (60, 'Peer certificate cannot be authenticated with known CA certificates')



Version-Release number of selected component (if applicable):
  curl-7.19.4-1

How reproducible:

Always

Steps to Reproduce:
python
from fedora.client import PackageDB
pkgdb = PackageDB()

data = pkgdb.send_request('/collections/id/8')
data2 = pkgdb.send_request('/collections/id/8')

Actual results:

traceback:
  File "/usr/lib/python2.6/site-packages/fedora/client/baseclient.py", line 309, in send_request
    req_params = req_params, auth_params = auth_params)
  File "/usr/lib/python2.6/site-packages/fedora/client/proxyclient.py", line 254, in send_request
    request.perform()
pycurl.error: (60, 'Peer certificate cannot be authenticated with known CA certificates')

Expected results:
data and data2 contain the same information

Additional info:

I'll attach a simpler test case as soon as I can adapt some code

Comment 1 Toshio Ernie Kuratomi 2009-03-05 19:08:27 UTC

Created attachment 334183 [details]
Simple test case

Here's a simple test case.  Note that if I don't clean up (with c.close() ) then this works but I have a huge memory leak (not sure if the memory leak exists when I call c.close() as I can't run many iterations yet).  Additionally, when a curl object goes out of scope (like being created and used inside of a function), the curl object is being cleaned up and the same traceback results.

Comment 2 Toshio Ernie Kuratomi 2009-03-06 00:11:53 UTC

It appears that curl-7.19.4-easy-leak.patch is the culprit but I can also confirm that there is a memory leak in the test script without that patch applied.

The memory leak without the patch also occurs with some simple C code.  That C code does not show either problem (unable to authenticate the peer certificate or memory leak) when the patch is applied.

Comment 3 Kamil Dudka 2009-03-06 12:15:07 UTC

curl-7.19.4-easy-leak.patch has caused a regression in NSS support. NSS_Shutdown() is called indirectly by curl_easy_cleanup() and it unloads the libnsspem.so module. Once it is unloaded it can't be loaded any more. It seems like nss/pem bug. I am going to look at this issue next week. In the meantime jnovy will remove this patch.

Comment 4 Jindrich Novy 2009-03-06 14:09:06 UTC

The easy-leak patch is now dropped.

Comment 5 Fedora Update System 2009-03-06 14:31:09 UTC

curl-7.19.4-2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/curl-7.19.4-2.fc10

Comment 6 Fedora Update System 2009-03-06 14:33:38 UTC

curl-7.19.4-2.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/curl-7.19.4-2.fc9

Comment 7 Kamil Dudka 2009-03-08 08:18:48 UTC

Regardless the strange nss/pem behavior I've discussed this patch at curl-library mailing list and considered it not good idea at all. There should be fixed the code using libcurl as the library works well if its users adhere to the API. At first I am going to write a patch fixing src/main.c.

Comment 8 Fedora Update System 2009-03-09 22:43:53 UTC

curl-7.19.4-2.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2009-03-09 22:47:47 UTC

curl-7.19.4-2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Brennan Ashton 2009-03-18 16:43:40 UTC

This sill appears to be broken to me the test case gives:
1 1
2
Traceback (most recent call last):
  File "break-pycurl.py", line 11, in <module>
    c.perform()
pycurl.error: (60, 'Peer certificate cannot be authenticated with known CA certificates')


package versions:
curl-7.19.4-3.fc10.i386
python-pycurl-7.18.2-1.fc10.i386
nss-3.12.2.0-4.fc10.i386

Comment 11 Kamil Dudka 2009-03-18 17:11:11 UTC

Version of the curl package is irrelevant while using pycurl. Please double-check version of the libcurl package:
$ rpm -q libcurl

It seems like the old curl library still survives on your system.

Comment 12 Brennan Ashton 2009-03-19 04:44:01 UTC

the rpm db got confused or something I reinstalled libcurl and it worked.

Note You need to log in before you can comment on or make changes to this bug.