Public bug reported:

Affected Ubuntu Version:
Plucky Puffin/25.04

Affected Package Versions (tested and confirmed):
8.11.0-1ubuntu1
8.11.0-1ubuntu2
8.11.0-1ubuntu2
8.11.1-1ubuntu1
8.11.1-1ubuntu1

NOT Affected Package Versions (via force downgrade):
8.9.1-2ubuntu2.2
8.9.1-2ubuntu3

Affected Platforms:
MacBook Pro 2021 (arm64) - Docker Desktop 4.38.0 (Docker 20.10.22, macOS 15.3)

NOT Affected Platforms (tested and confirmed):
Raspberry Pi 400 (arm64) - Ubuntu 25.04 (Native)
Raspberry Pi 400 (arm64) - Docker 27.5.0 (running on Ubuntu 25.04)

Input:
curl 
https://launchpadlibrarian.net/763643707/curl_8.11.1-1ubuntu1_source.changes
(can be anything with IPv6)

Expected Result:
Format: 1.8
Date: Sat, 14 Dec 2024 03:39:34 -0600
Source: curl
...

Actual Result:
curl: (35) TLS connect error: error:00000000:lib(0)::reason(0)

Workaround:
curl -4 
https://launchpadlibrarian.net/763643707/curl_8.11.1-1ubuntu1_source.changes
(forcing an IPv4 connection)

Description:
I have docker images that build using the development branch (ubuntu:devel) 
regularly, in addition to Noble (ubuntu:latest), for both amd64 and arm64. I 
recently noticed that curl was not working on the devel images, so I did some 
digging back, and found that they had been broken since November (an image from 
2024-11-24, with no other changes than the curl version, works just fine, but 
2024-11-25 is broken).

The only packages that change from `dpkg-query -W -f='${Package} ${Version}\n'` 
are:
curl 8.9.1-2ubuntu3 -> 8.11.0-1ubuntu2
libcurl3t64-gnutls 8.9.1-2ubuntu3 -> 8.11.0-1ubuntu2
libcurl4t64 8.9.1-2ubuntu3 -> 8.11.0-1ubuntu2

I tried testing on all released versions of 8.11, and all experienced the same 
issue. Downgrading the packages to 8.9.1 works to fix curl outright, but I dug 
a bit deeper. When using `curl -v` on 8.11, I get this output:
* Host launchpadlibrarian.net:443 was resolved.
* IPv6: 2620:2d:4000:1009::3b8, 2620:2d:4000:1009::13e
* IPv4: 185.125.189.228, 185.125.189.229
*   Trying [2620:2d:4000:1009::3b8]:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLS connect error: error:00000000:lib(0)::reason(0)
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 
launchpadlibrarian.net:443 
* closing connection #0
curl: (35) TLS connect error: error:00000000:lib(0)::reason(0)

This indicated to me an issue with the IPv6 connection, so I tried
forcing IPv4 with `curl -4`, and lo and behold curl worked again.
Running additionally with `curl -6` confirms IPv6 as the culprit of the
bug.

** Affects: curl (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: arm64 plucky regression-proposed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2097692

Title:
  IPv6 TLS connection error/SSL_ERROR_SYSCALL in arm64 docker images

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2097692/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to