Closed calvin2021y closed 1 year ago
for IOS arm64:
CURL:
--host=arm-apple-darwin --enable-static --disable-shared --enable-verbose --disable-versioned-symbols --enable-hidden-symbols --enable-dnsshuffle --enable-http --enable-cookies --enable-alt-svc --enable-ipv6 --enable-proxy --disable-mqtt --disable-ftp --disable-largefile --disable-file --disable-ldap --disable-ldaps --disable-rtsp --disable-dict --disable-telnet --disable-tftp --disable-pop3 --disable-imap --disable-smb --disable-smtp --disable-gopher --disable-manual --disable-libcurl-option --disable-sspi --disable-crypto-auth --disable-ntlm-wb --disable-tls-srp --disable-unix-sockets --without-librtmp --without-libidn2 --without-zsh-functions-dir --with-zlib --without-nss --without-gnutls --without-winssl --without-amissl --without-cyassl --without-schannel --without-mbedtls --with-wolfssl --without-openssl --without-ca-path --without-ca-bundle --without-ca-fallback --without-libpsl --without-zsh-functions-dir --without-fish-functions-dir --with-nghttp2 --without-ngtcp2 --without-nghttp3 --without-quiche --enable-doh --without-zstd --without-brotli --enable-websockets --enable-ares --disable-threaded-resolver
wolfSSL
--enable-shared=no --enable-harden --enable-filesystem=no --enable-pwdbased=no --enable-ip-alt-name --enable-sni --enable-alpn --enable-truncatedhmac --enable-earlydata --enable-tlsv10=no --enable-oldtls=yes --enable-tlsv12=yes --enable-tls13 --enable-rsa --enable-psk-one-id --enable-session-ticket --enable-savesession --enable-sessioncerts --enable-rng --enable-aescbc=yes --enable-aescfb=no --enable-aesccm=no --enable-aesctr=no --enable-aesctr=no --enable-maxfragment=yes --enable-blake2=no --enable-blake2s=no --enable-hkdf=no --enable-sys-ca-certs=no --enable-examples=no --enable-crypttests=no --enable-singlethreaded=no --enable-asynccrypt=no --enable-asyncthreads=no --enable-sha384 --enable-asm=yes --enable-fastmath --enable-bigcache --enable-curl --enable-curve25519=yes --enable-ed25519=yes --enable-crl=no --enable-ocsp --enable-ocspstapling --enable-ocspstapling2 --enable-hrrcookie=no --host=arm-apple-darwin
android use similar configuration
Can you please provide a full example that reproduces this?
It looks like you submitted the same issue with wolfSSL ?
Yes, I am not sure it is a CURL error or wolfSSL error.
confirm the https://github.com/, https://1.1.1.1/ work
These work fine with curl and wolfSSL from git master on my x86-64 on Linux. I don't think this is a curl problem.
(can't test on android/ios)
what cause this ?
ALPN: offers h2,http/1.1
Didn't find Session ID in cache for host HTTPS://
SSL_connect failed with error -313: received alert fatal error
multi_done: status: 35 prem: 1 done: 0
multi_done, not re-using connection=4, forbid=0, close=0, premature=1, conn_multiplex=0
The cache now contains 3 members
Curl_disconnect(conn #4, dead=1)
Closing connection
Expire cleared
There seems no internet yet, because time is 0ms to get this error.
Didn't find Session ID in cache for host HTTPS://
It should be logging a host name here after the HTTPS://. Are you sure there's a valid URL being passed in?
Yes, I dont want to leak the domain.
The error seems come before network. I will use wireshark to confirme.
I report false information because CURL give the zero time cost by CURLINFO_TOTAL_TIME_T and CURLINFO_CONNECT_TIME_T. (there is a DNS cache inused)
With wireshark report server return this:
Frame 6: 73 bytes on wire (584 bits), 73 bytes captured (584 bits) on interface en0, id 0
Ethernet II, Src: BeijingX_4c:fe:54 (28:d1:27:4c:fe:54), Dst: Apple_05:34:c0 (3c:7d:0a:05:34:c0)
Internet Protocol Version 4, Src: 43.155.24.14, Dst: 192.168.128.121
Transmission Control Protocol, Src Port: 443, Dst Port: 59447, Seq: 1, Ack: 292, Len: 7
Transport Layer Security
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)
Content Type: Alert (21)
Version: TLS 1.2 (0x0303)
Length: 2
Alert Message
Level: Fatal (2)
Description: Internal Error (80)
I don't see how this is at all related to RSA certs.
I don't think this is a curl problem and no further data has been provided to point at it being so.
curl/libcurl version
I test master branch and 8_1_2, has the same error.
Test wolfssl 5.6.2, 5.6.3.
the error throw from CURL this line.
I use CURLOPT_SSL_CTX_FUNCTION to load cert from memory.
Other platform confirm work, ios amr64 and andoird arm32 also work before. not sure the new CURL and wolfSSL which one cause this error.
I need some advise to help me to debug this out.
cloud be related
confirm the https://github.com, https://1.1.1.1 work. https://8.8.8.8 and other RSA certs not work.
try http1 and http2 by add CURLOPT_HTTP_VERSION, problem still exists.
operating system
Ios & android.