Bug 1813

Summary: Curl 7.21.5 fails with SSL proxy
Product: Mageia Reporter: Erwan VELU <erwanaliasr1>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: major    
Priority: Normal CC: ennael1
Version: 1   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: curl-7.21.5-1.mga1.src.rpm CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 1911    

Description Erwan VELU 2011-06-15 16:59:21 CEST 
Description of problem:
libcurl failed to check the correct struct for HTTPS after CONNECT was
issued to the proxy, so it didn't do the TLS handshake and subsequently
failed the connection. A regression released in 7.21.5 (introduced
around commit 8831000)

Version-Release number of selected component (if applicable):


How reproducible:

ALL_PROXY=http://192.168.0.102:8000 curl -k -f -s  -S  https://mysite.ife-sit.info/v1/dists/squeeze/Release

This generate the following error :
2011/06/15 16:12:29| clientNegotiateSSL: Error negotiating SSL connection on FD 12: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)

This is solved by applying https://github.com/bagder/curl/commit/c2c89481909de99e37f4aee46c8bc1b1358a5988

I did failed locally during make check but that's may be linked with my setup. At least the code is now running fine.

Another option is to move to 7.21.6.
Anne Nicolas 2011-06-15 23:05:34 CEST

CC: (none) => ennael1
Component: RPM Packages => Security

Nicolas Vigier 2011-06-27 21:40:03 CEST

Blocks: (none) => 1911

Comment 1 Nicolas Vigier 2011-06-27 23:09:28 CEST 
Package curl-7.21.5-1.1.mga1 submitted to updates_testing repository should fix this issue.

Status: NEW => ASSIGNED
CC: (none) => boklm
Assignee: bugsquad => qa-bugs

Comment 2 Nicolas Vigier 2011-06-30 15:19:39 CEST 
Packages moved to updates.

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Nicolas Vigier 2014-05-08 18:07:24 CEST

CC: boklm => (none)