Operating System - OpenVMS
1748202 Members
3146 Online
108759 Solutions
New Discussion юеВ

cURL / SSL failure on OVMS V8.3-1H1

 
charlie watkins
Occasional Advisor

cURL / SSL failure on OVMS V8.3-1H1

I'm having a problem wigh cURL on our new BL870c's. The port of cURL for I64 from curl.haxx.se is aborting as indicated below. Any help would be appreciated:

HP TCP/IP Services for OpenVMS Industry Standard 64 Version V5.6 - ECO 4
on an HP BL870c (1.59GHz/12.0MB) running OpenVMS V8.3-1H1

SSL is HP I64VMS SSL V1.3-284

curl 7.19.5 (IA64-HP-VMS) libcurl/7.19.5 OpenSSL/0.9.7e
Protocols: tftp ftp telnet dict http file https ftps
Features: NTLM SSL


We get this error any time we try to connect.


curl -vku userhame:password --ftp-ssl ftp://host_name:21
* About to connect() to host_name port 21 (#0)
* Trying ip_adress... connected
* Connected to host_name (ip address) port 21 (#0)
< 220-TCPFTP1 IBM FTP CS V1R7 AT HOST_NAME, 18:37:19 ON 2009-09-28.
< 220-WELCOME TO THE STATE OF XXXXXX FTP SERVER.
< 220-IF YOU HAVE QUESTIONS PLEASE CALL THE ITSD HELP DESK AT XXX-XXX.
< 220 CONNECTION WILL CLOSE IF IDLE FOR MORE THAN 10 MINUTES.
> AUTH SSL
< 234 SECURITY ENVIRONMENT ESTABLISHED - READY FOR NEGOTIATION
* libcurl is now using a weak random seed!
%SYSTEM-F-ACCVIO, access violation, reason mask=04, virtual address=FFFFFFFF80019F48, PC=000000000015C2E1, PS=0000001B
%TRACE-F-TRACEBACK, symbolic stack dump follows
image module routine line rel PC abs PC
SSL$LIBSSL_SHR 0 00000000000522E1 000000000015C2E1
CURL SSLUSE ossl_connect_common 65717 0000000000008272 00000000000A68D2
CURL SSLUSE Curl_ossl_connect 66694 000000000000A6E2 00000000000A8D42
CURL SSLGEN Curl_ssl_connect 63038 0000000000000D12 00000000000BCAD2
CURL FTP ftp_statemach_act 66996 0000000000004852 000000000006D572
CURL FTP ftp_easy_statemach 67334 0000000000009342 0000000000072062
CURL FTP ftp_connect 67451 0000000000009942 0000000000072662
CURL URL Curl_protocol_connect 69677 000000000000A262 000000000005A1E2
CURL URL Curl_connect 71308 000000000000FEC2 000000000005FE42
CURL TRANSFER Curl_perform 68683 0000000000006F82 00000000000B0CE2
CURL EASY curl_easy_perform 66424 0000000000000972 0000000000046BE2
CURL MAIN operate 28253 0000000000010722 0000000000040722
CURL MAIN main 28556 0000000000011DD2 0000000000041DD2
CURL MAIN __main 28545 0000000000011D22 0000000000041D22
0 FFFFFFFF80BA1C92 FFFFFFFF80BA1C92
DCL 0 000000000006BAF2 000000007AE1BAF2
%TRACE-I-END, end of TRACE stack dump


We previously used the system and software below, and that worked.


HP TCP/IP Services for OpenVMS Alpha Version V5.6 - ECO 2
on an AlphaServer GS320 6/1001 running OpenVMS V8.2

HP AXPVMS SSL V1.2

curl 7.19.0 (ALPHA-HP-VMS) libcurl/7.19.0 OpenSSL/0.9.7d
Protocols: tftp ftp telnet dict http file https ftps
Features: NTLM SSL
3 REPLIES 3
John Gillings
Honored Contributor

Re: cURL / SSL failure on OVMS V8.3-1H1

Charlie,

This is not a security issue, it's just a common or garden programming bug! The ACCVIO just means trying to access memory that doesn't exist.

The mask says code is trying to WRITE to memory. The VA suggests a 32bit address has been incorrectly sign extended to 64 bits and referenced as a pointer.

You'll need to go back to whoever did the port. Give them the traceback listing so they can work out where the pointer comes from and fix the code to correctly handle the 64 bit addresses.
A crucible of informative mistakes
John Gillings
Honored Contributor

Re: cURL / SSL failure on OVMS V8.3-1H1

BTW, one reason this might have "worked" on Alpha, but not in IA64.

On Alpha all addresses in the range 80000000 to 8FFFFFFF belong to system space. All user mode addresses are below 7FFFFFFF, which all sign extend to 64 bits without change, thereby masking any sign extension errors on Alpha.

On IA64, some of that 8xxxxxxxx range is available for usermode, so a sign extension bug may be exposed.
A crucible of informative mistakes
charlie watkins
Occasional Advisor

Re: cURL / SSL failure on OVMS V8.3-1H1

Thanks for your input, John. It led me to dig a little more. The cURL port from curl.haxx.se comes in three version: hpssl, openssl and nossl. I abandoned the hpssl for the openssl version and all is well - which is all I wanted.