Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1012807: curl: "unexpected eof" from Patroni API endpoint after client upgrade to OpenSSL 3
464 views
Skip to first unread message
Ben Harris
Jun 14, 2022, 11:10:04 AM6/14/22
to
Package: curl
Version: 7.83.1-1+b1
Severity: normal
Control: fixed -1 7.83.0-1
Dear Maintainer,
Patroni (Debian package "patroni") is a piece of cluster management
software for PostgreSQL that provides an HTTPS endpoint for managing it.
When connecting to a Patroni instance from curl 7.83.0-1 (a version
using libssl1.1), everything works happily:
wraith:~# curl --fail --insecure https://infra-db.srv.uis.cam.ac.uk:8008/ -o /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 651 0 651 0 0 62928 0 --:--:-- --:--:-- --:--:-- 65100
However, when I upgrade to curl 7.83.1-1+b1, I get an error from the
same request:
wraith:~# curl --fail --insecure https://infra-db.srv.uis.cam.ac.uk:8008/ -o /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 651 0 651 0 0 22106 0 --:--:-- --:--:-- --:--:-- 22448
curl: (56) OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0
I would expect the two versions to behave the same.
Patroni uses Python's "http.server" to implement its API endpoint, so it
may be possible to construct a simple test-case out of that. I haven't
yet tried.
I'm not certain that this bug is in cURL rather than in OpenSSL, Python,
or Patroni, but cURL is the part I'm interacting with so it seems like a
good place to start.
Here are the versions of libcurl4's dependencies, since they might be
relevant:
ii libbrotli1:i386 1.0.9-2+b3
ii libgssapi-krb5-2:i386 1.19.2-2+b2
ii libidn2-0:i386 2.3.2-2
ii libldap-2.5-0:i386 2.5.12+dfsg-2
ii libnghttp2-14:i386 1.47.0-1+b1
ii libpsl5:i386 0.21.0-1.2
ii librtmp1:i386 2.4+20151223.gitfa8646d.1-2+b2
ii libssh2-1:i386 1.10.0-3+b1
ii libssl3:i386 3.0.3-7
ii libzstd1:i386 1.5.2+dfsg-1
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 5.17.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages curl depends on:
ii libc6 2.33-7
ii libcurl4 7.83.1-1+b1
ii zlib1g 1:1.2.11.dfsg-4
curl recommends no packages.
curl suggests no packages.
-- no debconf information
Version: 7.83.1-1+b1
Severity: normal
Control: fixed -1 7.83.0-1
Dear Maintainer,
Patroni (Debian package "patroni") is a piece of cluster management
software for PostgreSQL that provides an HTTPS endpoint for managing it.
When connecting to a Patroni instance from curl 7.83.0-1 (a version
using libssl1.1), everything works happily:
wraith:~# curl --fail --insecure https://infra-db.srv.uis.cam.ac.uk:8008/ -o /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 651 0 651 0 0 62928 0 --:--:-- --:--:-- --:--:-- 65100
However, when I upgrade to curl 7.83.1-1+b1, I get an error from the
same request:
wraith:~# curl --fail --insecure https://infra-db.srv.uis.cam.ac.uk:8008/ -o /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 651 0 651 0 0 22106 0 --:--:-- --:--:-- --:--:-- 22448
curl: (56) OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0
I would expect the two versions to behave the same.
Patroni uses Python's "http.server" to implement its API endpoint, so it
may be possible to construct a simple test-case out of that. I haven't
yet tried.
I'm not certain that this bug is in cURL rather than in OpenSSL, Python,
or Patroni, but cURL is the part I'm interacting with so it seems like a
good place to start.
Here are the versions of libcurl4's dependencies, since they might be
relevant:
ii libbrotli1:i386 1.0.9-2+b3
ii libgssapi-krb5-2:i386 1.19.2-2+b2
ii libidn2-0:i386 2.3.2-2
ii libldap-2.5-0:i386 2.5.12+dfsg-2
ii libnghttp2-14:i386 1.47.0-1+b1
ii libpsl5:i386 0.21.0-1.2
ii librtmp1:i386 2.4+20151223.gitfa8646d.1-2+b2
ii libssh2-1:i386 1.10.0-3+b1
ii libssl3:i386 3.0.3-7
ii libzstd1:i386 1.5.2+dfsg-1
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 5.17.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages curl depends on:
ii libc6 2.33-7
ii libcurl4 7.83.1-1+b1
ii zlib1g 1:1.2.11.dfsg-4
curl recommends no packages.
curl suggests no packages.
-- no debconf information
0 new messages