No response when hitting server without cookies

[KennethWilke]

I'm trying to take another crack at consuming this API. So far I'm not getting any responses from my BMCs. My test below:

kwilke@kwilke:~$ time curl -vk https://10.127.89.204/
*   Trying 10.127.89.204...
* Connected to 10.127.89.204 (10.127.89.204) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 704 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*    server certificate verification SKIPPED
*    server certificate status verification SKIPPED
*    common name: localhost (does not match '10.127.89.204')
*    server certificate expiration date OK
*    server certificate activation date OK
*    certificate public key: RSA
*    certificate version: #3
*    subject: C=XX,L=Default City,O=openbmc.org,CN=localhost
*    start date: Fri, 06 Nov 2015 20:35:06 GMT
*    expire date: Sat, 05 Nov 2016 20:35:06 GMT
*    issuer: C=XX,L=Default City,O=openbmc.org,CN=localhost
*    compression: NULL
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
> Host: 10.127.89.204
> User-Agent: curl/7.43.0
> Accept: */*
> 
* GnuTLS recv error (-54): Error in the pull function.
* Closing connection 0
curl: (56) GnuTLS recv error (-54): Error in the pull function.

real    0m21.773s
user    0m0.056s
sys 0m0.004s

This BMC is running the v0.6-stable branch of OpenBMC, the host I'm trying to hit has been up about 45 minutes. How should I go about troubleshooting this further?

[KennethWilke]

Ah, Adi informed me this happens if you don't use cookies. It seems a bit odd that the server doesn't return anything for this. Would probably be more appropriate to return a 401 error in response to the unauthorized request.

[aglynn42]

I started getting this error after a Debian update. After running autoremove, which removed a lot of old libs including an old version of GnuTLS, everything started working again. It occurred whether or not curl was accessing a site with a cached cookie. It happened not only with curl but also with Chromium, which uses gnutls. Since GIT uses libcurl, it was also affecting GIT cloning from Github.

[bradbishop]

@KennethWilke assuming I change the response to 401 as discussed in https://github.com/openbmc/phosphor-rest-server/issues/25 is there any additional issue to be addressed here you think?

[KennethWilke]

I think the issue here is a little different, a 401 would be good as in #25, but in this issue there's no response from the server whatsoever, it just terminates the connection without any response.

[bradbishop]

I guess maybe I fixed it somewhere along the line:

[toshiba:openbmc]$ /bin/curl -vk https://192.168.254.77/
* About to connect() to 192.168.254.77 port 443 (#0)
*   Trying 192.168.254.77...
* Connected to 192.168.254.77 (192.168.254.77) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=localhost,O=openbmc.org,L=Default City,C=XX
*       start date: Nov 06 20:35:06 2015 GMT
*       expire date: Nov 05 20:35:06 2016 GMT
*       common name: localhost
*       issuer: CN=localhost,O=openbmc.org,L=Default City,C=XX
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.254.77
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Content-Length: 111
< Content-Type: application/json
< Date: Thu, 08 Sep 2016 15:49:39 GMT
<
{
  "data": {
    "description": "Login required"
  },
  "message": "401 Unauthorized",
  "status": "error"
* Connection #0 to host 192.168.254.77 left intact
}[toshiba:openbmc]$

@KennethWilke go ahead and reopen if it pops up again.