www.digitalmars.com         C & C++   DMDScript  

digitalmars.D - CURL: A TLS packet with unexpected length was received.

reply Nrgyzer <nrgyzer gmail.com> writes:
Hi everyone,
I'm trying to retrieve some data from a url using curl. I'm using 
the following code here:

void main()
{
         ubyte[] data;

         CURL* curl = curl_easy_init();
         curl_easy_setopt(curl, CurlOption.url, "<Private HTTPS 
Url>".toStringz);
         curl_easy_setopt(curl, CurlOption.writefunction, 
&callback);
         curl_easy_setopt(curl, CURLOPT_WRITEDATA, &data);
         curl_easy_setopt(curl, CurlOption.ssl_verifyhost, false);
         curl_easy_setopt(curl, CurlOption.ssl_verifypeer, false);
         curl_easy_setopt(curl, CurlOption.verbose, 1);

	curl_easy_perform(curl);

         curl_easy_cleanup(curl);
}

But it's not working. I'm always getting the following error:

* About to connect() to <Private HTTPS Url> 443 (#0)
*   Trying <IP Address>...
* Connected to <Private HTTPS Url> (<IP Address>) port 443 (#0)
* found 160 certificates in /etc/ssl/certs/ca-certificates.crt
* gnutls_handshake() failed: A TLS packet with unexpected length 
was received.
* Closing connection 0

When using the get()-function provided by std.net.curl:

void main()
{
         get("<Private HTTPS Url>");
         // OR:
         HTTP h = HTTP("<Private HTTPS Url>");
         h.verifyHost = false;
         h.verifyPeer = false;
         h.verbose = true;
         h.perform();

}

I'm getting a similar error:

* About to connect() to <Private HTTPS Url> port 443 (#0)
*   Trying <IP Address>...
* Connected to <Private HTTPS Url> (<IP Address>) port 443 (#0)
* found 160 certificates in /etc/ssl/certs/ca-certificates.crt
* gnutls_handshake() failed: A TLS packet with unexpected length 
was received.
* Closing connection 0
std.net.curl.CurlException /home/build/tmp/build/.build/src/gcc-5.2.0/libphobos/src/s
d/net/curl.d(3606): SSL connect error on handle 1C76E0
----------------
0x86363 pure  safe bool 
std.exception.enforceEx!(std.net.curl.CurlException).enforceEx!(b
ol).enforceEx(bool, lazy immutable(char)[], immutable(char)[], uint)
         
/home/build/tmp/build/.build/src/gcc-5.2.0/libphobos/src/std/exception.d:546
0x79eff void std.net.curl.Curl._check(int)
         
/home/build/tmp/build/.build/src/gcc-5.2.0/libphobos/src/std/net/curl.d:3606
0x7be2b int std.net.curl.Curl.perform(bool)
         
/home/build/tmp/build/.build/src/gcc-5.2.0/libphobos/src/std/net/curl.d:3721
0x7be2b int std.net.curl.HTTP._perform(bool)
         
/home/build/tmp/build/.build/src/gcc-5.2.0/libphobos/src/std/net/curl.d:2234
0xee23 _Dmain
         ???:0
0x154e3 
_D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ6runAllMFZ9__lambda1MFZv
         
/home/build/tmp/build/.build/src/gcc-5.2.0/libphobos/libdruntime/rt/dmain2.d:411
0x156a7 void rt.dmain2._d_run_main(int, char**, extern (C) int 
function(char[][])*).tryExec(scope void delegate())
         
/home/build/tmp/build/.build/src/gcc-5.2.0/libphobos/libdruntime/rt/dmain2.d:386
0x15abf void rt.dmain2._d_run_main(int, char**, extern (C) int 
function(char[][])*).runAll()
         
/home/build/tmp/build/.build/src/gcc-5.2.0/libphobos/libdruntime/rt/dmain2.d:411
0x156a7 void rt.dmain2._d_run_main(int, char**, extern (C) int 
function(char[][])*).tryExec(scope void delegate())
         
/home/build/tmp/build/.build/src/gcc-5.2.0/libphobos/libdruntime/rt/dmain2.d:386
0x1582f _d_run_main
         
/home/build/tmp/build/.build/src/gcc-5.2.0/libphobos/libdruntime/rt/dmain2.d:419
0xec8f main
         ???:0
0xb6d83451 __libc_start_main
         ???:0

I want skip the ssl-validation but it seems that curl is always 
trying to verify the ssl certificate, although I think I've 
disabled it by setting ssl_verifyhost and ssl_verifypeer to 
false/0. I can use other ssl urls without any problems...
I'm using the latest gdc arm compiler with dmd 2.066.1

I hope anyone know what I'm doing wrong here :)
Oct 18 2016
parent reply Adam D. Ruppe <destructionator gmail.com> writes:
On Tuesday, 18 October 2016 at 17:39:45 UTC, Nrgyzer wrote:
 But it's not working. I'm always getting the following error:
What happens if you go to that HTTPS url in your normal web browser? I kinda expect the server isn't actually running https.
Oct 18 2016
parent Nrgyzer <nrgyzer gmail.com> writes:
On Tuesday, 18 October 2016 at 17:49:16 UTC, Adam D. Ruppe wrote:
 On Tuesday, 18 October 2016 at 17:39:45 UTC, Nrgyzer wrote:
 But it's not working. I'm always getting the following error:
What happens if you go to that HTTPS url in your normal web browser? I kinda expect the server isn't actually running https.
I can access the page and when I run curl from the cli I'm also retrieving the data: odroid odroid-server:/tmp/arm-unknown-linux-gnueabihf/bin$ curl <Private HTTPS Url> -verbose >> /tmp/test * About to connect() to <Private HTTPS Url> port 443 (#0) * Trying <Ip Address>... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to <Private HTTPS Url> (<Ip Address>) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): } [data not shown] * SSLv3, TLS handshake, Server hello (2): { [data not shown] * SSLv3, TLS handshake, CERT (11): { [data not shown] * SSLv3, TLS handshake, Server key exchange (12): { [data not shown] * SSLv3, TLS handshake, Server finished (14): { [data not shown] * SSLv3, TLS handshake, Client key exchange (16): } [data not shown] * SSLv3, TLS change cipher, Client hello (1): } [data not shown] * SSLv3, TLS handshake, Finished (20): } [data not shown] * SSLv3, TLS change cipher, Client hello (1): { [data not shown] * SSLv3, TLS handshake, Finished (20): { [data not shown] * SSL connection using ECDHE-RSA-AES256-SHA * Server certificate: * subject: <Hidden for privacy purposes> * start date: 2015-11-14 00:00:00 GMT * expire date: 2016-11-19 23:59:59 GMT * subjectAltName: <Hidden for privacy purposes> matched * issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Extended Validation Secure Server CA * SSL certificate verify ok.
 GET /api/GetMarkets HTTP/1.1
 User-Agent: curl/7.29.0
 Host: <Private HTTPS Url>
 Accept: */*
 Referer: rbose
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0< HTTP/1.1 200 OK < Cache-Control: no-cache < Pragma: no-cache < Content-Type: application/json; charset=utf-8 < Expires: -1 < Server: Microsoft-IIS/8.5 < X-AspNet-Version: 4.0.30319 < Date: Tue, 18 Oct 2016 17:57:54 GMT < Content-Length: 567103 < { [data not shown] 100 553k 100 553k 0 0 219k 0 0:00:02 0:00:02 --:--:-- 219k * Connection #0 to host <Private HTTPS Url> left intact
Oct 18 2016