(Ramakrishnan, would you mind pushing recent versions of curl to git.debian.org?
The last thing there seems to be 7.20.1-2 with the tag missing.
If you've lost the git history since then, I have a tree of git-import-dsc
imports (plus some random hacking on the master branch to pin down which
error we're seeing here) at <http://git.debian.org/?p=users/smcv/qa/curl.git>.)

On Sat, 13 Nov 2010 at 15:53:17 -0600, Steve M. Robbins wrote:
> Does curl really treat the default value as 0 seconds timeout on the
> connection?  Or does it treat 0 as unlimited (i.e. no timeout)?  The
> manpage for curl_easy_setopt is unclear on this.

Looking at the relevant source code, it seems to be intended to be
no timeout. This seems to need quite a few special cases, though, so it
wouldn't surprise me if one had been forgotten, particularly in the
less-often-used gnutls backend.

>     Noteworthy: on squeeze, curl seems to be able to access the files
>     successfully with the same key material. Try: curl
>     https://apt-test.aviatis.com/apt-cacher/ftp.us.debian.org/debian/dists/squeeze/Release
>     -k --cert
>     /etc/apt/client-certs/test-client.apt-test.aviatis.com.crt --key
>     /etc/apt/client-certs/test-client.apt-test.aviatis.com.key

However, curl(1) on Debian uses the OpenSSL variant of the library,
whereas apt-transport-https uses the GNUTLS one. By way of background info
for upstream: the binary package builds curl twice, once for each variant,
in debian/build and debian/build-gnutls (respectively), and packages them
separately; dependent packages choose one or the other according to their
licensing requirements (GPL things, like apt, need the GNUTLS variant).

The build tree in debian/build-gnutls is compiled --without-ssl --with-gnutls
--without-libssh2, with some build-system patches to make it produce
libcurl-gnutls.so. There don't seem to be code changes, though, so hopefully
you might be able to reproduce this with an unpatched build with similar
./configure arguments.

While in the build tree of Debian's curl packages, you can test either version
with the corresponding curl command-line tool, even though the GNUTLS
variant isn't actually going to be installed. Hopefully I'm driving it
correctly here:

# OpenSSL backend, zero timeout, succeeds
./debian/build/src/curl -k \
  https://apt-test.aviatis.com/apt-cacher/ftp.us.debian.org/debian/dists/squeeze/Release \
  --cert ../test-client.apt-test.aviatis.com.crt \
  --key ../test-client.apt-test.aviatis.com.key

# OpenSSL backend, 10 second timeout, succeeds
./debian/build/src/curl -m10 -k \
  https://apt-test.aviatis.com/apt-cacher/ftp.us.debian.org/debian/dists/squeeze/Release \
  --cert ../test-client.apt-test.aviatis.com.crt \
  --key ../test-client.apt-test.aviatis.com.key

# GNUTLS backend, zero timeout, fails
./debian/build-gnutls/src/curl -k \
  https://apt-test.aviatis.com/apt-cacher/ftp.us.debian.org/debian/dists/squeeze/Release \
  --cert ../test-client.apt-test.aviatis.com.crt \
  --key ../test-client.apt-test.aviatis.com.key
curl: (28) SSL connection timeout

# GNUTLS backend, 10 second timeout, fails differently!
./debian/build-gnutls/src/curl -m10 -k \
  https://apt-test.aviatis.com/apt-cacher/ftp.us.debian.org/debian/dists/squeeze/Release \
  --cert ../test-client.apt-test.aviatis.com.crt \
  --key ../test-client.apt-test.aviatis.com.key
curl: (28) gnutls_handshake() failed: Decryption has failed.

It turns out that the error in the "GNUTLS, zero timeout" test is the *second*
occurrence of this error message in lib/gtls.c handshake() (the one marked
as "g2" in my git branch referenced above). Curl_timeleft() returns 0, and
Curl_socket_ready() also returns 0.

I ran out of brain at this point, I'm afraid... but hopefully this gives
someone a useful clue?

Regards,
    Simon
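
An added illustration, not part of the message above and not curl's code: the kind of forgotten special case the message suspects, where a remaining-time value of 0 meaning "no timeout" is passed on as a zero-length socket wait and reported as a timeout. All function names, the sentinel convention and the timings are hypothetical; whether lib/gtls.c behaves this way is not established on this page.

```c
#include <stdio.h>

enum { HS_OK = 0, HS_TIMEOUT = 28 };  /* 28 is the curl exit code shown above */

/* Hypothetical convention: 0 = no timeout configured, >0 = ms remaining,
   <0 = deadline already passed. */
static long time_left_ms(long timeout_ms, long elapsed_ms)
{
    if (timeout_ms == 0)
        return 0;
    long left = timeout_ms - elapsed_ms;
    return left > 0 ? left : -1;
}

/* Simulated socket wait with poll(2)-style semantics: wait_ms < 0 blocks until
   ready, wait_ms == 0 polls once without blocking. Returns 1 if ready, 0 if not.
   ready_after_ms is the constructed time the peer needs to answer. */
static int wait_ready(long wait_ms, long ready_after_ms)
{
    return wait_ms < 0 || ready_after_ms <= wait_ms;
}

/* Missing special case: "no timeout" (0) is handed on as a zero-length wait. */
int handshake_wait_buggy(long timeout_ms, long elapsed_ms, long ready_after_ms)
{
    long left = time_left_ms(timeout_ms, elapsed_ms);
    if (left < 0)
        return HS_TIMEOUT;
    return wait_ready(left, ready_after_ms) ? HS_OK : HS_TIMEOUT;
}

/* Special case handled: 0 is translated to "block until ready". */
int handshake_wait_fixed(long timeout_ms, long elapsed_ms, long ready_after_ms)
{
    long left = time_left_ms(timeout_ms, elapsed_ms);
    if (left < 0)
        return HS_TIMEOUT;
    return wait_ready(left == 0 ? -1 : left, ready_after_ms) ? HS_OK : HS_TIMEOUT;
}

int main(void)
{
    /* Constructed case: no timeout set, peer answers after 150 ms. */
    printf("buggy: %d\n", handshake_wait_buggy(0, 0, 150));
    printf("fixed: %d\n", handshake_wait_fixed(0, 0, 150));
    return 0;
}
```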


