On Thu, 4 Jul 2024, Jan Schlien wrote:
curl upstream has fixed a few x509asn.1 bugs since 8.8.0 that will be included
in the pending 8.9.0 release that ships in three weeks.
I believe this specific bug is fixed by this commit:
https://github.com/curl/curl/commit/9aa1d412b814a40868558da51a6ab28ce1384a58
/ Daniel
Package: curl
Version: 8.8.0-2
Severity: normal
/usr/bin/curl --cert <cert> --key <key> <url> no longer works with the version
mentioned above. It worked well with the previous version 8.8.0-1. The error
message is:
curl: (35) error reading X.509 key or certificate file
From the changelog, this bullet point comes to mind:
* Switch curl package/binary to use gnutls, now with HTTP3 support
Looking at strace output, curl does read a lot of certs from /etc/ssl/certs/
(not shown) but it does not attempt to read the path given with --cert. It reads the
--key file and then does a bogus sendmsg():
openat(AT_FDCWD, "path_removed.key", O_RDONLY|O_CLOEXEC) = 6
newfstatat(6, "", {st_mode=S_IFREG|0600, st_size=1854, ...}, AT_EMPTY_PATH) = 0
lseek(6, 0, SEEK_CUR) = 0
read(6, "-----BEGIN ENCRYPTED PRIVATE KEY"..., 1855) = 1854
read(6, "", 1) = 0
close(6) = 0
openat(AT_FDCWD, "/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 6
newfstatat(6, "", {st_mode=S_IFREG|0644, st_size=2996, ...}, AT_EMPTY_PATH) = 0
read(6, "# Locale name alias data base.\n#"..., 4096) = 2996
read(6, "", 4096) = 0
close(6) = 0
openat(AT_FDCWD, "/usr/share/locale/en_US/LC_MESSAGES/gnutls30.mo", O_RDONLY) =
-1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en/LC_MESSAGES/gnutls30.mo", O_RDONLY) = -1
ENOENT (No such file or directory)
sendmsg(-1, {msg_name=NULL, msg_namelen=0,
msg_iov=[{iov_base="\25\3\3\0\2\1\0", iov_len=7}], msg_iovlen=1,
msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor)
close(5) = 0
After that, it prints the error message one character by one and exits. Let me
know if anything else is needed.
Thanks,
Jan
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.8.12-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages curl depends on:
ii libc6 2.38-13
ii libcurl3t64-gnutls 8.8.0-2
ii zlib1g 1:1.3.dfsg+really1.3.1-1
curl recommends no packages.
curl suggests no packages.
-- no debconf information
--
/ daniel.haxx.se
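Added example (not part of the original thread, and not curl or GnuTLS code): a Python decoder for the 7 bytes passed to sendmsg() in the strace excerpt above. It unescapes the strace string and reads it as a TLS record header plus alert body; the function names are this example's own and the alert-name table is only a subset of the values in the TLS RFCs.

```python
import re
import struct

# iov_base exactly as strace printed it in the report (octal escapes).
STRACE_IOV = r"\25\3\3\0\2\1\0"

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_NAMES = {0: "close_notify", 40: "handshake_failure",  # subset only
               42: "bad_certificate", 80: "internal_error"}
SIMPLE_ESCAPES = {"n": 10, "t": 9, "r": 13, "v": 11, "f": 12, "\\": 92, '"': 34}

def strace_unescape(text):
    """Convert a strace-quoted string (C-style escapes) to raw bytes."""
    out, i = bytearray(), 0
    while i < len(text):
        if text[i] != "\\":
            out.append(ord(text[i]))
            i += 1
            continue
        rest = text[i + 1:]
        if m := re.match(r"[0-7]{1,3}", rest):  # octal, strace's default
            out.append(int(m.group(), 8))
            i += 1 + m.end()
        elif rest[:1] in SIMPLE_ESCAPES:
            out.append(SIMPLE_ESCAPES[rest[0]])
            i += 2
        else:
            raise ValueError(f"unsupported escape at offset {i}")
    return bytes(out)

def parse_tls_record(data):
    """Parse one plaintext TLS record: 5-byte header, then the body."""
    if len(data) < 5:
        raise ValueError("shorter than a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record body")
    rec = {"type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
           "version": (major, minor), "length": length}
    if ctype == 21 and length == 2:  # unencrypted alert: level, description
        rec["level"] = ALERT_LEVELS.get(body[0], f"unknown({body[0]})")
        rec["description"] = ALERT_NAMES.get(body[1], f"unknown({body[1]})")
    return rec

if __name__ == "__main__":
    print(parse_tls_record(strace_unescape(STRACE_IOV)))
```

The bytes decode as an alert record with record version 3.3, carrying a warning-level close_notify, which the trace shows being written to descriptor -1.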