Menu

#686 SSL connect error: gnutls_handshake() failed -> compile with openssl instead of gnutls to fix

v1.0 (example)
closed
Bodo
None
5
2015-07-13
2015-07-09
Andriy Kramar
No

Hi,
Receiving this error message:
"Auction 261951954906: Cannot connect to URL https://signin.ebay.com/ws/eBayISAPI.dll?SignIn: SSL connect error: gnutls_handshake() failed: A TLS fatal alert has been received."
esniper version 2.31.0
libcurl/7.22.0 GnuTLS/2.12.14 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
Recompiling esniper does not help.
This bug shows up ocassionally (some esniper calls go just fine) however frequently enough to be disturbing.
No esniper.*.bug.html generated.

Discussion

  • Andriy Kramar

    Andriy Kramar - 2015-07-09

    No, this problem is not related to CA certificate.

     

    Last edit: Andriy Kramar 2015-07-09

  • Bodo

    Bodo - 2015-07-09

    What about the option CURLOPT_SSL_VERIFYPEER you mentioned in the initial version of your comment? Does it help or not?

    I guess you added something like this to initCurlStuff(), right?

            if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_SSL_VERIFYPEER, 0)))
                return initCurlStuffFailed();

    We noticed SSL problems from time to time. Sometimes the problem could be fixed by switching from GnuTLS to OpenSSL or vice versa. At some time we tried to force SSLv3 in initCurlStuff() to avoid some error, but this was removed later due to bug#677.

    Previously some users reported general problems with libcurl and SSL connections which affected other programs as well. I guess the problems occurred after version changes of GnuTLS, OpenSSL, libcurl or related packages.

    Esniper simply uses CURL and SSL libraries. The problem might or might not be related to specific options esniper sets for libcurl. So if you know some additional, modified or removed CURL options to fix the problem, I will apply the proposed fix.

    It's difficult to find out if it is possible to fix the problem by modifications in esniper's source code.

     

    • Andriy Kramar

      Andriy Kramar - 2015-07-09

      Hi.
      Code was like this:

      curlrc = curl_easy_setopt(easyhandle, CURLOPT_SSL_VERIFYPEER, 0);

      As far as I see it now: NO it doesn't help. It looked like solution for few tries, but then it started again. So, for now i think this bug just shows up randomly, e.g. when esniper call is routed to some specific ebay cluster node.
      Yes, I've recompiled esniper with OpenSSL and now wait to get some reliable statistics.

       

  • Velociraptor

    Velociraptor - 2015-07-12

    I recompiled esniper with libcurl4-openssl-dev and for now it seems to work

     

  • Andriy Kramar

    Andriy Kramar - 2015-07-13

    I confirm that recompiling with openssl fixes the problem.

     

  • Bodo

    Bodo - 2015-07-13
    • summary: SSL connect error: gnutls_handshake() failed --> SSL connect error: gnutls_handshake() failed -> compile with openssl instead of gnutls to fix
    • status: open --> closed
    • assigned_to: Bodo
     

  • Bodo

    Bodo - 2015-07-13

    Compiling with openssl fixes the Problem as confirmed by two users. That's why the bug will be closed.

     

Log in to post a comment.

MongoDB Logo MongoDB