#670 SSL connect error: gnutls_handshake() failed: Illegal parameter

v1.0 (example)
open
nobody
None
5
2015-08-17
2014-06-26
Bodo
No

As reported in https://sourceforge.net/p/esniper/bugs/645/?limit=10&page=1#5de5 esniper fails to establish an SSL connection.

This is what i see at stderr. The output in the log file looks the same.

dylan@BigBox ~/esniper $ esniper -i blaupun.https://signin.ebay.com/ws/eBayISAPI.dll?SignIn: SSL connect error: gnutls_handshake() failed: Illegal parameter
Retrying...
Auction 181333050728: Cannot connect to URL https://signin.ebay.com/ws/eBayISAPI.dll?SignIn: SSL connect error: gnutls_handshake() failed: Illegal parameter
Retrying...
Auction 181333050728: Cannot connect to URL https://signin.ebay.com/ws/eBayISAPI.dll?SignIn: SSL connect error: gnutls_handshake() failed: Illegal parameter

Auction 181333050728: Cannot connect to URL https://signin.ebay.com/ws/eBayISAPI.dll?SignIn: SSL connect error: gnutls_handshake() failed: Illegal parameter

Searching for the error message finds this Debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744052 and the Debian package maintainer seems to fix the problem with a patch.

--- esniper-2.30.0.orig/http.c
+++ esniper-2.30.0/http.c
@@ -228,6 +228,12 @@
         (curlrc = curl_easy_setopt(easyhandle, CURLOPT_PROXY, options.proxy)))
        return initCurlStuffFailed();

+#if 1
+   /* enforce usage of SSLv3 to avoid GnuTLS errors */
+   if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3)))
+       return initCurlStuffFailed();
+#endif
+
    /* send all data to this function */
    if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_WRITEFUNCTION, WriteMemoryCallback)))
        return initCurlStuffFailed();

Discussion

  • Camden Lindsay
    Camden Lindsay
    2014-06-26

    Ah sorry for not reporting new bug- for some reason I had remembrance that the other was associated/the same from previous edit/view, and didn't re-read.

    Thank you for opening bug.

     
  • Camden Lindsay
    Camden Lindsay
    2014-06-26

    I also see that the 'fix' has been pushed to cvs

    And tested it; Working-- Thank you!

     
  • Camden Lindsay
    Camden Lindsay
    2014-06-26

    showing working output.

    dylan@BigBox ~/esniper $ esniper -i blaupunkt_stereo_auction.txt
    Auction xxx: Cannot connect to URL http://offer.ebay.com/ws/eBayISAPI.dll?ViewBids&item=xxx: Failure when receiving data from the peer: Recv failure: Connection reset by peer
    Retrying...
    Auction xxx: Autoradio Blaupunkt Bremen MP76
    Time remaining: 3 days 5 hours (277200 seconds)
    End time: 29/06/2014 11:59:09
    Currently: 38.50 (your maximum bid: 100)

    of bids: 8

    High bidder: 2***2 (NOT xxx)

    dylan@BigBox ~/esniper $ esniper blaupunkt_stereo_auction.txt
    Auction xxx: Autoradio Blaupunkt Bremen MP76
    Time remaining: 3 days 5 hours (277200 seconds)
    End time: 29/06/2014 11:59:22
    Currently: 38.50 (your maximum bid: 100)

    of bids: 8

    High bidder: 2***2 (NOT xxx)

    Auction xxx: Autoradio Blaupunkt Bremen MP76
    Time remaining: 3 days 5 hours (277200 seconds)
    End time: 29/06/2014 11:59:23
    Currently: 38.50 (your maximum bid: 100)

    of bids: 8

    High bidder: 2***2 (NOT xxx)
    Latency: 0 seconds
    Thu Jun 26 06:59:23 2014: Sleeping for a day

     
  • Bodo
    Bodo
    2014-06-26

    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -10,7 +10,7 @@
    
     Auction 181333050728: Cannot connect to URL https://signin.ebay.com/ws/eBayISAPI.dll?SignIn: SSL connect error: gnutls_handshake() failed: Illegal parameter
    
    -Searching for the error message find this Debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744052 and the Debebian package maintainer seems to fix the problem with a patch.
    +Searching for the error message finds this Debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744052 and the Debian package maintainer seems to fix the problem with a patch.
    
     ~~~~
     --- esniper-2.30.0.orig/http.c
    
     
  • I had the same issue. This fix is now no more working (see #677). Compiling CURL against openssl (not gnutls) did help on my side.

     
  • Aron Quells
    Aron Quells
    2014-10-27

    Markus, thanks for your quick reply in #677. How can I compile CURL against openssl? I am not a programmer, just a user :-( Could you be so kind to provide some instructions?

     
  • How can I compile CURL against openssl?

    Sorry that's out of the scope of this issue.

    But I have a strong candidate for this issue. I was wondering why it's working with curl/openssl and not curl/gnutls on my machine. This comment gave the correct answer:

    It seems we have the answer with gnutls 3.0
    [..] problem with GnuTLS 2.12.14.
    It appears to be commit 67f4dba6 from March 20th:
    "Avoided waiting for peer's retransmission to ensure receipt of finished
    messages, and used a 'timer'-like to retransmit packets."

    I compiled my curl against gnutls-3.2.18 and esniper is working again. I encountered this issue only with curl against gnutls-2.12.23 (which is the latest version considered stable at Gentoo).

    I believe this is a gnutls-2 only issue. If anybody has this problem, recompiling curl against openssl, gnutls-3 or any other ssl library (e.g. nss, which I didn't check) might help.

    I suggest to check in configure.in for "not gnutls-2".

     
    Last edit: Markus Malkusch 2014-10-27
  • zesaver
    zesaver
    2015-07-11

    Hello. I am struggling with the same issue at the moment:

    Latency: 0 seconds
    Auction 252016439937: Cannot connect to URL https://signin.ebay.com/ws/eBayISAPI.dll?SignIn: SSL connect error: gnutls_handshake() failed: Illegal parameter
    Cannot find auction - internet or eBay problem?
    Will try again after sleep.
    Sat Jul 11 12:57:52 2015: Sleeping for 8 minutes 1 seconds
    Latency: 1 seconds
    Auction 252016439937: Cannot connect to URL https://signin.ebay.com/ws/eBayISAPI.dll?SignIn: SSL connect error: gnutls_handshake() failed: Illegal parameter
    Cannot find auction - internet or eBay problem?
    Will try again after sleep.
    Auction 252016439937: Cannot connect to URL https://signin.ebay.com/ws/eBayISAPI.dll?SignIn: SSL connect error: gnutls_handshake() failed: Illegal parameter
    

    I am using Ubuntu 14.04. My curl is:

    $ curl -V
    curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3
    Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp 
    Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
    

    It seems to me that my curl is compiled again OpenSSL, but the error is still here. Could you help me with this please?

     
  • On ubuntu, I fixed this issue by installing libcurl4-openssl-dev instead of libcurl4-gnutls-dev, then rebuild by make clean; configure ; make etc.

     
  • Bodo
    Bodo
    2015-08-17

    I got this error a few days ago and used the same fix.
    When I replaced the development library, aptitude found some conflicts because some other packages seem to depend on the GnuTLS version of libcurl. So I had to select a suitable conflict resolution.