Re: [SPAM] No communications to target machine
Status: Alpha
Brought to you by:
coroberti
Menu
▾
▴
Re: [SPAM] No communications to target machine
|
From: Vlad W. <wvl...@gm...> - 2008-09-25 07:59:27
|
Hi Alexander, "curl -k..." option is already enabled by calling following function in loader.c: curl_easy_setopt (handle, CURLOPT_SSL_VERIFYPEER, 0); The problem may be related to an inconsistency between client and server SSL configuration, like missing supported ciphers or disabled protocol. I had a similar problem when my server did not work with SSLv2, failing CLIENT_HELLO handling which is in SSLv2 by default. Since curl required "-3" option, I have added following line to loader.c (just before setting CURLOPT_SSL_VERIFYPEER): curl_easy_setopt (handle, CURLOPT_SSLVERSION, 3); In general, if curl-loader is linked with same openssl libraries as curl is, it should work on SSL layer just like curl does. Note that SSL errors are shown in the log when cur-loader is running with verbose option, in usual OpenSSL format (like using "curl -v -k https://..."). It's very useful thing. Thanks, Vlad On Sun, Sep 21, 2008 at 11:05 PM, Robert Iakobashvili <cor...@gm...>wrote: > Hi Alexander, > > On Sun, Sep 21, 2008 at 9:21 PM, Bradley Alexander <st...@tu...> wrote: > > > > Hi, > > > > I'm having a problem with curl-loader. I have tried both 0.44 and 0.46. I > did a default build of both on my test machine. I modified the https.conf > file and pointed it to the target system, and am experiencing timeouts, as > if it is not connecting. I ran a curl -k to the site, and the page loads > fine, which leads me to believe it may be the way curl loader is mangling > the URL. > > Please, collect the facts prior to conclusions. > > > > > > > If I run: > > > > curl -k " > https://target.example.com/index.php?NASID=test-nsaid&NASIP=accessctlr.example.com&&CallerID=00:1C:26:19:0C:87&CustIP=192.168.2.248&VLAN=2&RD=http%3A%2Fen-us.start2.mozilla.com%2Ffirefox%3Fclient%3Dfirefox-a&LgnURL=https://accessctlr.example.com/goform/HtmlLoginRequest.php > " > > > > it gives me the login page. However, my curl loader config has the > following: > > > > BATCH_NAME= https > > CLIENTS_NUM_MAX=20 # Same as CLIENTS_NUM > > CLIENTS_NUM_START=2 > > CLIENTS_RAMPUP_INC=2 > > INTERFACE =eth0 > > NETMASK=24 > > IP_ADDR_MIN= 10.56.57.1 > > IP_ADDR_MAX= 10.56.57.254 > > CYCLES_NUM=-1 > > URLS_NUM= 1 > > LOG_RESP_HEADERS=1 > > LOG_RESP_BODIES=1 > > > > ########### URL SECTION #################################### > > > > URL=" > https://target.example.com/index.php?NASID=test-nsaid&NASIP=accessctlr.example.com&&CallerID=00:1C:26:19:0C:87&CustIP=192.168.2.248&VLAN=2&RD=http%3A%2Fen-us.start2.mozilla.com%2Ffirefox%3Fclient%3Dfirefox-a&LgnURL=https://accessctlr.example.com/goform/HtmlLoginRequest.php > " > > URL_SHORT_NAME="target" > > REQUEST_TYPE=GET > > TIMER_URL_COMPLETION = 0 # In msec. When positive, Now it is enforced by > cancelling url fetch on timeout > > TIMER_AFTER_URL_SLEEP =1000 > > > > I have run tcpdumps on the test box and the target box. The test box > shows the curl-loader packets going out, but nothing coming back. The target > box does not show any traffic from the test box at all. > > > > Can someone point out what it is that I am nissing? > > > > First, fill the PROBLEM-REPORTING-FORM (PRF) in due course, since your > data is not enough. > Second, include to your curl-loader command line (unclear what is the line) > -v > Third, try a non https , e.g. some http URL and for a single client. > > Forth, read the FAQs at the web-site regarding the batch log file. you > may wish to collect such > file with option -v and to attach to you PRF in a gzipped form. > The filtered tcpdump or wireshark capture could be also helpful. > > > If your problem in some SSL/TLS handshake, we'll see a complain about > it in the log file. > Please, run curl-loader for the log with a single configured client, > single IP and single cycle. > > > >From curl man pages: > > ---------------------------------------------------------------------------------------------------------------- > -k/--insecure > > (SSL) This option explicitly allows curl to perform "insecure" SSL > connections and transfers. All SSL connections are attempted to be > made secure by using the CA certificate bundle installed by default. > This makes all connections considered "insecure" fail unless > -k/--insecure is used. > > See this online resource for further details: > http://curl.haxx.se/docs/sslcerts.html > > > ---------------------------------------------------------------------------------------------------------------------- > > What happens with your curl command line fetch, if you remove -k? > > Vald Wainbaum has recently maid some patching for a similar issue. > Vlad could you guide us regarding your practice? > > > Thanks.Truly, > Robert Iakobashvili, Ph.D. > ...................................................................... > www.ghotit.com > Assistive technology that understands you > ...................................................................... > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's > challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > curl-loader-devel mailing list > cur...@li... > https://lists.sourceforge.net/lists/listinfo/curl-loader-devel > |
