Description
If an SSL transfer is made from curl 7.67.0 w/ OpenSSL and the server terminates the connection without giving an acceptable protocol termination point (e.g. in HTTP that would be Content-Length or chunked) and without the TLS termination point (close_notify alert), then curl error 56 may occur and the associated error message may contain text such as Success or No error.
Other SSL backends such as Schannel (Windows OS native SSL) have stricter behavior where we require a termination point, but I don't believe it was @bagder's intention to do this yet for OpenSSL (presumably because of the wide user base and compatibility). It has only been reported once so far, so we can assume it affects very few users.
Update: Fixed in 78cef06, the extra sensitivity is now disabled except in debug builds. If you are using 7.67.0 you may either cherry-pick that commit from the repo or apply it as a patch.
I did this
@bjo81 reports error curl: (56) OpenSSL SSL_read: Success
at the end of transfer of https://www.presseportal.de
I am able to reproduce in Windows using curl-7_67_0 but the error message is different, likely due to OS differences:
> curld https://www.presseportal.de 1>NUL
curl: (56) OpenSSL SSL_read: No error
(In other words socket error is 0.)
SSL_read fails and then SSL_get_error() returns SSL_ERROR_SYSCALL because the server closed the connection without a proper shutdown (i.e. != SSL_ERROR_ZERO_RETURN). Prior to 0ab38f5 SSL_ERROR_SYSCALL on its own wasn't an error during SSL_read.
SYSCALL is not directly linked to a socket error, therefore the socket error may be 0. That may happen --as it does in this case-- when a server does not have a known termination point and no close_notify is sent; instead the connection is closed.
I expected the following
Debatable. IMHO technically it is correct to pass on the error, but if we were going to make this change I expected it to be rolled out slowly to only dev builds at first and let it marinate. This may be a breaking change for some users. And I don't like that the error text if the socket error is 0 may be "no error" or "success", that's sure to confuse.
Suggested remedy is to disable this behavior for release builds, see #4623.
curl/libcurl version
curl 7.67.0 (i386-pc-win32) libcurl/7.67.0 OpenSSL/1.0.2t nghttp2/1.40.0
curl: (56) OpenSSL SSL_read: No error
curl 7.67.0 (i386-pc-win32) libcurl/7.67.0 wolfSSL/4.2.0 nghttp2/1.40.0
(exit code 0)
curl 7.67.0 (i386-pc-win32) libcurl/7.67.0 Schannel WinIDN
curl: (56) Failure when receiving data from the peer
operating system
Windows 7 Enterprise
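The end-of-read cases described in this report, as an added example (not curl's code and not part of the original issue): it separates a close_notify shutdown from a bare TCP close and builds an error message that never falls back to the text for socket error 0. The function and enum names are hypothetical; the two constants carry the same numeric values as OpenSSL's `SSL_ERROR_SYSCALL` and `SSL_ERROR_ZERO_RETURN` so the block builds without OpenSSL headers.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Same numeric values as OpenSSL's SSL_get_error() codes, redefined so this
   builds without OpenSSL headers (names here are this example's own). */
enum { TLS_ERR_SYSCALL = 5, TLS_ERR_ZERO_RETURN = 6 };

typedef enum { END_CLOSE_NOTIFY, END_FRAMED_NO_NOTIFY,
               END_POSSIBLE_TRUNCATION, END_SOCKET_ERROR, END_TLS_ERROR } read_end;

/* Hypothetical helper: classify why a TLS read stopped.
   framed_complete: nonzero if Content-Length or the final chunk was satisfied. */
read_end classify_read_end(int ssl_err, int sock_err, int framed_complete)
{
  if(ssl_err == TLS_ERR_ZERO_RETURN)
    return END_CLOSE_NOTIFY;            /* peer sent close_notify */
  if(ssl_err != TLS_ERR_SYSCALL)
    return END_TLS_ERROR;               /* protocol-level failure */
  if(sock_err != 0)
    return END_SOCKET_ERROR;            /* real I/O error, errno is meaningful */
  /* SYSCALL with socket error 0: TCP closed, no close_notify seen */
  return framed_complete ? END_FRAMED_NO_NOTIFY : END_POSSIBLE_TRUNCATION;
}

/* Build a message that never falls back to strerror(0). */
const char *describe_read_end(read_end e, int sock_err, char *buf, size_t len)
{
  switch(e) {
  case END_CLOSE_NOTIFY: snprintf(buf, len, "TLS connection closed cleanly"); break;
  case END_FRAMED_NO_NOTIFY:
    snprintf(buf, len, "body complete, but peer closed without close_notify"); break;
  case END_POSSIBLE_TRUNCATION:
    snprintf(buf, len, "peer closed without close_notify and without an HTTP end marker"); break;
  case END_SOCKET_ERROR:
    snprintf(buf, len, "socket error %d: %s", sock_err, strerror(sock_err)); break;
  default: snprintf(buf, len, "TLS protocol error"); break;
  }
  return buf;
}

int main(void)
{
  char buf[128];
  /* Constructed input: the case in this report (SYSCALL, socket error 0, no framing). */
  read_end e = classify_read_end(TLS_ERR_SYSCALL, 0, 0);
  printf("%s\n", describe_read_end(e, 0, buf, sizeof(buf)));
  return 0;
}
```

Whether `END_FRAMED_NO_NOTIFY` is treated as an error is the policy question the report raises; the classifier only keeps the cases distinguishable.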