google-code-export / gambas

Automatically exported from code.google.com/p/gambas

gb.net.curl fails to connect using https #236

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
When using the gb.net.curl component to fetch a page using ssl (https) curl 
raises an unknown error. If AnyHttpClientInstance.Debug = True, the following 
is printed to stdout: (used the HTTPGet example to test the bug)

Example using https://lwn.net
* Connection #0 seems to be dead!
* Closing connection #0
* About to connect() to lwn.net port 443 (#0)
*   Trying 72.51.34.34...
* Connected to lwn.net (72.51.34.34) port 443 (#0)
* Connected to lwn.net (72.51.34.34) port 443 (#0)
* SSL: couldn't create a context: error:140A90A1:lib(20):func(169):reason(161)
* Closing connection #0

If you execute curl from a terminal (e.g. curl -v https://lwn.net) it completes 
without an error

IMHO, it has to do with certificate validation, but that's all I could find

System: Archlinux
Version: 3.1
Output of <curl --version>:
curl 7.25.0 (i686-pc-linux-gnu) libcurl/7.25.0 OpenSSL/1.0.1 zlib/1.2.6 
libssh2/1.4.0
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp 
sftp smtp smtps telnet tftp 
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP 

Original issue reported on code.google.com by sebi...@gmail.com on 15 Apr 2012 at 6:25

GoogleCodeExporter commented 9 years ago
Mmm. It works there with curl 7.21 on Ubuntu 11.10.

curl 7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 
libidn/1.22 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp 
rtsp smtp smtps telnet tftp 
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

So you should wait until I use a more recent distribution that has the same 
curl version as yours. Then I will be able to look at the problem...

Original comment by benoit.m...@gmail.com on 15 Apr 2012 at 3:05

GoogleCodeExporter commented 9 years ago
I tried to fix this problem by using permutations of old curl and openssl 
versions, including yours (curl 7.21.6 and openssl 1.0.0e), but with no 
success. It must be a problem with my system, the only thing is that when I use 
curl from the command line it works as expected. I'm not sure what is causing 
this bug.

Original comment by sebi...@gmail.com on 15 Apr 2012 at 6:50

GoogleCodeExporter commented 9 years ago
I now know for sure this is an error in openssl. I will try to figure out 
exactly why this is happening.

Source: http://curl.haxx.se/mail/lib-2008-02/0164.html

Original comment by sebi...@gmail.com on 18 Apr 2012 at 10:02

GoogleCodeExporter commented 9 years ago

Original comment by benoit.m...@gmail.com on 21 Apr 2012 at 6:02

GoogleCodeExporter commented 9 years ago
Okay, I found the reason. It seems that openssl's function SSL_library_init() 
needs to be called somewhere before the execution of the https request[0] to 
load the available ciphers.

"Reason 161 is "Library has no ciphers" returned from SSL_CTX_new." [0]

More info:
[0] https://bugs.php.net/bug.php?id=35160
openssl docs: http://www.openssl.org/docs/ssl/SSL_library_init.html
http://www.php.net/manual/en/ref.openssl.php#58581

I'm not sure if this should be done on the gb.net.curl component or libcurl 
directly. I'm not even sure why this even happened. 

I hope this helps. If I need to build some package again please let me know.

Original comment by sebi...@gmail.com on 21 Apr 2012 at 11:38
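
An added example, not part of the original thread and not code from Gambas, libcurl or OpenSSL: decoding the packed error code from the debug output in the first report confirms the lib/func/reason fields and the "no ciphers" diagnosis. It assumes the error-code layout of OpenSSL 1.0.x/1.1.x (OpenSSL 3.0 changed it); the name tables are a small hand-copied subset and the sample lines are copied from the report.

```python
import re

# Legacy (OpenSSL <= 1.1.1) packing of an error code: 8-bit library,
# 12-bit function, 12-bit reason. OpenSSL 3.0 changed this layout.
LIBS = {20: "ERR_LIB_SSL"}                        # subset of the OpenSSL tables
FUNCS = {(20, 169): "SSL_CTX_new"}                # SSL_F_SSL_CTX_NEW
REASONS = {(20, 161): "library has no ciphers"}   # SSL_R_LIBRARY_HAS_NO_CIPHERS

ERR_RE = re.compile(
    r"error:([0-9A-Fa-f]{8})(?::lib\((\d+)\):func\((\d+)\):reason\((\d+)\))?"
)


def unpack(code):
    """Split a legacy packed OpenSSL error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def triage(lines):
    """Return one finding per OpenSSL error string found in curl debug output."""
    findings = []
    for line in lines:
        m = ERR_RE.search(line)
        if not m:
            continue
        lib, func, reason = unpack(int(m.group(1), 16))
        printed = tuple(int(g) for g in m.groups()[1:] if g is not None)
        findings.append({
            "code": m.group(1).upper(),
            "lib": LIBS.get(lib, f"lib({lib})"),
            "func": FUNCS.get((lib, func), f"func({func})"),
            "reason": REASONS.get((lib, reason), f"reason({reason})"),
            # Numeric fields printed after the code must match the decoded ones.
            "consistent": not printed or printed == (lib, func, reason),
            # No ciphers registered: the SSL library was never initialised in
            # this process (SSL_library_init() not run before SSL_CTX_new()).
            "uninitialised_ssl": (lib, reason) == (20, 161),
        })
    return findings


# Sample input: debug lines copied from the first report in this thread.
SAMPLE = [
    "* Connected to lwn.net (72.51.34.34) port 443 (#0)",
    "* SSL: couldn't create a context: error:140A90A1:lib(20):func(169):reason(161)",
    "* Closing connection #0",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The numeric `lib(20):func(169):reason(161)` form, instead of names, is what OpenSSL prints when its error strings have not been loaded either, which fits a process that never initialised the library.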

GoogleCodeExporter commented 9 years ago
Can you try to call SSL_library_init() explicitly from the Gambas code?

Extern SSL_library_init() In "libssl"

Original comment by benoit.m...@gmail.com on 10 Jun 2012 at 3:18

GoogleCodeExporter commented 9 years ago
It worked!! I added the Extern declaration and called SSL_library_init() at 
Form_Open()

Any ideas of why this is happening??

Thanks a lot!! 

Original comment by sebi...@gmail.com on 10 Jun 2012 at 4:20

GoogleCodeExporter commented 9 years ago
It's your idea! :-) You told me that SSL_library_init() must be called, but 
that libcurl does not do it. I just suggested to call it directly from Gambas.

But I can't add that call directly in the gb.net.curl component, because it 
does not depend on libssl. Just libcurl. Apparently this is a bug in libcurl, 
so it may be fixed in a future release. Don't you think so?

Original comment by benoit.m...@gmail.com on 11 Jun 2012 at 5:36

GoogleCodeExporter commented 9 years ago
I'm really confused, first because no one else seems to be affected by this 
bug. And second because curl (a terminal wrapper for libcurl) seems to work fine!

libcurl apparently depends on openssl, which provides libssl. Could a call to 
SSL_library_init() be added only when using https? Even though libcurl should do 
it if it detects an https connection is requested, calling it would prevent 
this bug from occurring and hurt nobody.

Original comment by sebi...@gmail.com on 11 Jun 2012 at 10:38

GoogleCodeExporter commented 9 years ago
I see now. It's just that gb.net.curl does not initialize the curl library 
correctly! Sorry if I didn't see that sooner, but I didn't write the code.

Original comment by benoit.m...@gmail.com on 12 Jun 2012 at 11:53

GoogleCodeExporter commented 9 years ago
Curl initialization has been fixed in revision #4823. Tell me if now things 
work correctly for you.

Original comment by benoit.m...@gmail.com on 12 Jun 2012 at 5:22

GoogleCodeExporter commented 9 years ago
Works like a charm. Thanks a lot!!

Original comment by sebi...@gmail.com on 13 Jun 2012 at 12:04