Running the sample code hangs

[raghujayan]

I compiled the source and the samples using VS2015. Wen running the sample executable the programs simply hangs in bc.container_exists().

When I use http instead of https the program does not hang. However I get error code 400 and in general the program fails.

Appreciate any insights?

[katmsft]

Thanks for reporting the issue, is there any detailed log? e.g. the call stack of the hang or the detailed error message of the 400 would be very helpful to narrow down the issue.

[raghujayan]

The hang does not produce any error messages. There is I suppose retry for a long time and then a timeout. I think I have narrowed it down to SSL cert verification issue.

[Jinming-Hu]

@raghujayan Hi, are you trying to intercept HTTPS traffic using self-signed certificate? Because today I just came across exact the same issue as you did when I'm trying to capture HTTPS traffic.

If this is your case, the program hangs there because Curl requests keep failing and retrying. Disabling SSL cert verification will fix it. Ref to here

[raghujayan]

Thank you @JingchuanHuangMSFT ,as I had mentioned in my previous message. I can indeed see that it is a SSL cert verification failure issue and I had confirmed that by setting the CURL options to not verify the certs. Once I disable the CERT verification the sample works fine.

My question mostly was around that fact that we are planning to deploy this library in production code where it is not a good idea to bypass the verification. Is there an alternate way you can suggest. Find the system CA bundle for example ...

Thank you for your help.

[Jinming-Hu]

@raghujayan Yes, use these two options, CURLOPT_CAINFO and CURLOPT_SSL_OPTIONS, I just tried, it works.

[raghujayan]

Well @JingchuanHuangMSFT why not compile curl and the storage-lite SDK with the OSs TLS backend? For example compiling curl with SChannel (not openssl) for Windows would ensure the curl finds the OSs cert bundle. Refer - https://curl.haxx.se/docs/sslcerts.html , https://curl.haxx.se/docs/ssl-compared.html, https://curl.haxx.se/docs/faq.html#Does_curl_work_build_with_other

[Jinming-Hu]

@raghujayan This is a good idea, I'll take time to look into it.

[Jinming-Hu]

@raghujayan I just tested, if libcurl is complied with SChannel as backend, it can find the OS cert bundle by default.

But really, there isn't too much we can do about the cpplite sdk, it's all about how libcurl is compiled.

[raghujayan]

@JinmingHu-MSFT , I have confirmed that compiling CURL with Schannel instead of OpenSSL is sufficient for getting the SSL certs verified for the sample code out-of-box without any CURL opts being added to find certs.

I agree there is nothing to do with storage ccplite sdk. However there should be in my opinion comment in the README to help with this if users of SDK come across this.

What do you think?

[Jinming-Hu]

@raghujayan Thanks for your feedback, we'll consider add it to README in the future.

[raghujayan]

Thank you @JinmingHu-MSFT for addressing the issue.