[Bug 1135761] New: network:libisds fails to build due to curl forcing libopenssl to write to a dead socket
http://bugzilla.suse.com/show_bug.cgi?id=1135761

Bug ID: 1135761
Summary: network:libisds fails to build due to curl forcing libopenssl to write to a dead socket
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Network
Assignee: tchvatal@suse.com
Reporter: jslaby@suse.com
QA Contact: qa-bugs@suse.de
CC: pmonrealgonzalez@suse.com, vcizek@suse.com
Found By: ---
Blocker: ---

network:libisds does not build as the build dies while running make check:
FAIL: certificate_user_password_authentication
==============================================
Disabling server identity verification. That was your decision.
Connection accepted
TLS handshake failed: Certificate is required.
Disabling server identity verification. That was your decision.
Connection accepted
Client sent certificate: subject `C=CZ,CN=The Server', issuer `C=CZ,CN=The Authority', serial 0x55eb09ea03dc5d51, RSA key 2048 bits, signed using RSA-SHA256, activated `2015-09-05 15:27:39 UTC', expires `2065-08-23 15:27:43 UTC', pin-sha256="93S4S1wHWCn7JAHy0aOEGwkdFMhK2/A4QepU5TkZlz0="
Client's certificate is valid.
Client is not authorized: Client's distinguished name `CN=The Server,C=CZ' does not match required name `CN=The Client,C=CZ'.
TLS handshake failed: Error in the certificate.
It only silently dies. This happens only inside KVM (i.e. on OBS). Running the test under gdb reveals that the process receives SIGPIPE:
Program received signal SIGPIPE, Broken pipe.
#0 0x00007ffff7b9b734 in __GI___libc_write (fd=4, buf=buf@entry=0x5555555e3f73, nbytes=nbytes@entry=24) at ../sysdeps/unix/sysv/linux/write.c:26
#1 0x00007ffff77c1895 in sock_write (b=0x5555555d6d90, in=0x5555555e3f73 "\027\003\003", inl=24) at crypto/bio/bss_sock.c:114
#2 0x00007ffff77bcbba in bwrite_conv (bio=<optimized out>, data=<optimized out>, datal=<optimized out>, written=0x7fffffffcc10) at crypto/bio/bio_meth.c:77
#3 0x00007ffff77bbc13 in bio_write_intern (written=0x7fffffffcc10, dlen=24, data=0x5555555e3f73, b=0x5555555d6d90) at crypto/bio/bio_lib.c:343
#4 bio_write_intern (b=0x5555555d6d90, data=0x5555555e3f73, dlen=24, written=0x7fffffffcc10) at crypto/bio/bio_lib.c:320
#5 0x00007ffff77bc0b3 in BIO_write (b=<optimized out>, data=<optimized out>, dlen=<optimized out>) at crypto/bio/bio_lib.c:363
#6 0x00007ffff704aff7 in ssl3_write_pending (s=s@entry=0x5555555da9c0, type=type@entry=21, buf=buf@entry=0x5555555d9140 "\001", len=len@entry=2, written=written@entry=0x7fffffffdd80) at ssl/record/rec_layer_s3.c:1146
#7 0x00007ffff704bf41 in do_ssl3_write (s=s@entry=0x5555555da9c0, type=type@entry=21, buf=0x5555555d9140 "\001", pipelens=pipelens@entry=0x7fffffffdd78, numpipes=numpipes@entry=1, create_empty_fragment=create_empty_fragment@entry=0, written=0x7fffffffdd80) at ssl/record/rec_layer_s3.c:1107
#8 0x00007ffff70559a9 in ssl3_dispatch_alert (s=0x5555555da9c0) at ssl/s3_msg.c:78
#9 0x00007ffff7053ab5 in ssl3_shutdown (s=0x5555555da9c0) at ssl/s3_lib.c:4418
#10 0x00007ffff705ebdf in SSL_shutdown (s=0x5555555da9c0) at ssl/ssl_lib.c:2074
#11 0x00007ffff7a857e5 in ossl_close (connssl=<optimized out>) at vtls/openssl.c:1256
#12 0x00007ffff7a85851 in Curl_ossl_close (conn=0x5555555d02e0, sockindex=<optimized out>) at vtls/openssl.c:1273
#13 0x00007ffff7a3ea8e in conn_shutdown (conn=0x5555555d02e0) at url.c:684
#14 Curl_disconnect (data=0x5555555b63d0, dead_connection=true, conn=0x5555555d02e0) at url.c:822
#15 Curl_disconnect (data=data@entry=0x5555555b63d0, conn=conn@entry=0x5555555d02e0, dead_connection=dead_connection@entry=true) at url.c:778
#16 0x00007ffff7a533ff in multi_done (data=data@entry=0x5555555b63d0, status=status@entry=CURLE_RECV_ERROR, premature=<optimized out>, premature@entry=true) at multi.c:627
#17 0x00007ffff7a5496c in multi_runsingle (multi=multi@entry=0x5555555ae920, now=..., data=data@entry=0x5555555b63d0) at multi.c:1917
#18 0x00007ffff7a55059 in curl_multi_perform (multi=multi@entry=0x5555555ae920, running_handles=running_handles@entry=0x7fffffffe184) at multi.c:2138
#19 0x00007ffff7a4bcea in easy_transfer (multi=0x5555555ae920) at easy.c:625
#20 easy_perform (events=false, data=0x5555555b63d0) at easy.c:719
#21 curl_easy_perform (data=0x5555555b63d0) at easy.c:738
#22 0x00007ffff7fbbb87 in http (context=context@entry=0x5555555ab7e0, url=url@entry=0x5555555af270 "https://127.0.0.1:34893/certds/DS/dz", use_get=use_get@entry=false, request=0x5555555b7af0, request_length=179, response=response@entry=0x7fffffffe390, response_length=0x7fffffffe398, mime_type=0x7fffffffe380, http_code=0x7fffffffe388, response_otp_headers=0x0, charset=0x0) at soap.c:912
#23 0x00007ffff7fbc767 in http (use_get=false, charset=0x0, response_otp_headers=<optimized out>, http_code=0x7fffffffe388, mime_type=0x7fffffffe380, response_length=0x7fffffffe398, response=0x7fffffffe390, request_length=<optimized out>, request=<optimized out>, url=0x5555555af270 "https://127.0.0.1:34893/certds/DS/dz", context=0x5555555ab7e0) at soap.c:578
#24 _isds_soap (context=context@entry=0x5555555ab7e0, file=file@entry=0x7ffff7fbefc2 "DS/dz", request=request@entry=0x5555555afa80, response_document=response_document@entry=0x0, response_node_list=response_node_list@entry=0x0, raw_response=raw_response@entry=0x0, raw_response_length=0x0) at soap.c:1226
#25 0x00007ffff7fa5956 in isds_login (context=0x5555555ab7e0, url=0x5555555ac0f0 "https://127.0.0.1:34893/", username=0x555555560088 "douglas", password=0x555555560090 "42", pki_credentials=0x7fffffffe520, otp=<optimized out>) at isds.c:1459
#26 0x00005555555580d2 in test_login (error=IE_SECURITY, context=0x5555555ab7e0, url=<optimized out>, username=<optimized out>, password=<optimized out>, pki_credentials=<optimized out>, otp=0x0) at certificate_user_password_authentication.c:37
#27 0x0000555555557aa7 in main () at certificate_user_password_authentication.c:127
I.e. openssl tried to write to a dead socket (from lsof):
certifica 8963 abuild 4u sock 0,9 0t0 31810 protocol: TCP
To me, it seems that curl should not invoke openssl when the socket is dead already.

--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1135761#c1

--- Comment #1 from Jiri Slaby <jslaby@suse.com> ---
And enabling curl debug:
[ 76s] upload completely sent off: 179 out of 179 bytes
[ 76s] OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104
[ 76s] Closing connection 0
[ 76s] (304) (OUT), TLS Unknown, Unknown (21):
[ 76s]
[ 76s] Program received signal SIGPIPE, Broken pipe.

errno 104 is ECONNRESET.
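The failure mode reported above, reduced to a stand-alone C program added here as an example (it is not code from curl, OpenSSL or libisds): a plain write() to a socket whose peer is gone delivers SIGPIPE, while send() with MSG_NOSIGNAL reports the same condition as an ordinary EPIPE error. The AF_UNIX socketpair, the zeroed 24-byte payload and the helper name write_to_dead_socket are assumptions standing in for the TCP connection and the record seen in frame #0.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

static volatile sig_atomic_t sigpipe_seen;
static void on_sigpipe(int sig) { (void)sig; sigpipe_seen++; }

/* Hypothetical helper: write 24 bytes (the size of the write in frame #0)
 * to a socket whose peer has already closed. Returns how many SIGPIPEs were
 * delivered, or -1 on setup failure; *err_out gets errno of the failed write. */
int write_to_dead_socket(int use_nosignal, int *err_out)
{
    int sv[2];
    char record[24] = {0};          /* constructed payload, not a real TLS record */
    struct sigaction sa, old;
    ssize_t n;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    close(sv[1]);                   /* peer is gone, like the reset connection */

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigpipe;     /* count the signal instead of dying */
    sigemptyset(&sa.sa_mask);
    sigaction(SIGPIPE, &sa, &old);
    sigpipe_seen = 0;

    if (use_nosignal)
        n = send(sv[0], record, sizeof record, MSG_NOSIGNAL);
    else
        n = write(sv[0], record, sizeof record);
    *err_out = (n < 0) ? errno : 0;

    sigaction(SIGPIPE, &old, NULL); /* restore the previous disposition */
    close(sv[0]);
    return (int)sigpipe_seen;
}

int main(void)
{
    int err, got = write_to_dead_socket(0, &err);
    printf("write():            SIGPIPE x%d, errno=%s\n", got, strerror(err));
    got = write_to_dead_socket(1, &err);
    printf("send(MSG_NOSIGNAL): SIGPIPE x%d, errno=%s\n", got, strerror(err));
    return 0;
}
```

With the default SIGPIPE disposition the first case terminates the process, which is why the test only "silently dies"; a process-wide alternative is signal(SIGPIPE, SIG_IGN), after which the plain write() also fails with EPIPE.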
http://bugzilla.suse.com/show_bug.cgi?id=1135761#c2

Jiri Slaby <jslaby@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|tchvatal@suse.com           |vcizek@suse.com

--- Comment #2 from Jiri Slaby <jslaby@suse.com> ---
Downgrading curl does *not* help. Downgrading openssl-1_1 does help!

Revision 6 of openssl-1_1 broke isds' build:
https://build.opensuse.org/package/rdiff/openSUSE:Factory/openssl-1_1?linkrev=base&rev=6
I.e. the update from 1.1.0h to 1.1.1b.

So linking revision 5 and making curl and isds build against it makes it build again:
https://build.suse.de/project/monitor/home:jirislaby:isds

Any idea -- the update was huge?
http://bugzilla.suse.com/show_bug.cgi?id=1135761#c3

--- Comment #3 from Vítězslav Čížek <vcizek@suse.com> ---
(In reply to Jiri Slaby from comment #2)
> I.e. the update from 1.1.0h to 1.1.1b.
>
> Any idea -- the update was huge?

It's a big change indeed. It took 8 months to fix packages broken by the update in the staging.
The main difference is TLS 1.3. OpenSSL 1.1.1 implements TLS 1.3 and uses it by default.

(In reply to Jiri Slaby from comment #0)
> network:libisds does not build as the build dies while running make check:
>
> FAIL: certificate_user_password_authentication

The client user authentication is performed after the handshake in TLS 1.3. I think the failure has to do something with that.

I'll have a look later today.
http://bugzilla.suse.com/show_bug.cgi?id=1135761#c4

--- Comment #4 from Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> ---
Builds fine disabling openssl-backend:

- --enable-openssl-backend
+ --disable-openssl-backend

Note that it uses gpgme by default, see https://repo.or.cz/w/libisds.git/blob/HEAD:/NEWS

I'll submit the fix now.
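Review bot: the switch from --enable-openssl-backend to --disable-openssl-backend carries no note on why the backend is being turned off. Add a comment next to the configure option, and a changelog entry, referencing bug 1135761, so the option can be revisited once the SIGPIPE during SSL_shutdown reported in this thread no longer occurs.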
http://bugzilla.suse.com/show_bug.cgi?id=1135761#c5

--- Comment #5 from Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> ---
Submitted: https://build.opensuse.org/request/show/704823
http://bugzilla.suse.com/show_bug.cgi?id=1135761#c6

Jiri Slaby <jslaby@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #6 from Jiri Slaby <jslaby@suse.com> ---
So fixed as of now.
http://bugzilla.suse.com/show_bug.cgi?id=1135761#c7

--- Comment #7 from Swamp Workflow Management <swamp@suse.de> ---
This is an autogenerated message for OBS integration:
This bug (1135761) was mentioned in
https://build.opensuse.org/request/show/768268 15.1 / libisds
Swamp Workflow Management <swamp@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|                            |obs:running:11891:moderate
http://bugzilla.suse.com/show_bug.cgi?id=1135761#c8

--- Comment #8 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-RU-2020:0161-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1135761
CVE References:
Sources used:
openSUSE Leap 15.1 (src): libisds-0.11-lp151.2.3.1
http://bugzilla.suse.com/show_bug.cgi?id=1135761#c9

--- Comment #9 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-RU-2020:0177-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1135761
CVE References:
Sources used:
openSUSE Backports SLE-15-SP1 (src): libisds-0.11-bp151.5.3.1