How to get more info on cURL 35 error?

Hello,

the updater of my owncloud installation (10.0.0 to 10.0.10) is exiting with cURL error 35: SSL connect error
I already read all available posts about it and searched the internet. It seems to be an issue with either

  • old chipers used by cURL
  • not recognised certificate

Anyway, the error message is much too general to work on a solution from there. Is there a way to get a more specific information of what goes wrong with cURL? There are no entries in the owncloud.log though. :-/

I already tried to run the command curl -v https://download.owncloud.org and it connected without problems.

Hey,

from what i have read in the past the curl error is not about any remote system but about your own installation of ownCloud where the updater app is trying to connect to.

If you can’t find any solution for this maybe you could try to do the manual way of updating. With this i did all of my updates in the past without any such issues.

Thank you for your time to reply. Of course the problem is on my side. But I have root access to the server, so I want to find out what the problem is and solve it. That’s why I asked, how I can get additional error information rather than " SSL connect error to correct the problem. And I want to correct the problem, not install every minor release manually.

Hey,

maybe you can find some additional information on this in the PHP logfiles or a configuration in curl to make the message more verbose? From what i know curl is a PHP module which is used by ownCloud so additional logging could be end up there.

It seems additional information are also available in the curl manual:

CURLE_SSL_CONNECT_ERROR (35)

A problem occurred somewhere in the SSL/TLS handshake. You really want the error buffer and read the message there as it pinpoints the problem slightly more. Could be certificates (file formats, paths, permissions), passwords, and others.

which i had found here: https://curl.haxx.se/libcurl/c/libcurl-errors.html

Sure, i think this is fully understandable. But if i’m searching here in the forums for this curl 35 error:

https://central.owncloud.org/search?q=%22curl%22%20%22error%2035%22

i’m finding many people already trying this without much success. Sometimes one needs to go a different way if the initial issue can’t be solved. :frowning_face:

Additionally i have read from so many problems about the updater app in the past (e.g. https://github.com/owncloud/core/issues/34625#issuecomment-468438973 is the most recent where an update from 10.0.10 to 10.1.0 isn’t offered ). :frowning_face:

Because of such recurring issues i personally wouldn’t spend much time into fixing issues with that updater app and chose the more reliable (but maybe a little bit more time consuming) alternative to update manually.

Ok, thanks. In the end I found some sort of solution:

If you get this very general cURL 35 error, you have to get more information on what is wrong. If the software that uses cURL is not yours you have to search where the programmer set the options for running cURL to turn on verbosity.

To find this, I searched the owncloud code for the curl_setop command using grep:
cd /directory/to/owncloud
grep -r curl_setop *

Then I got around 20 entries. As I knew the problem was somewhere with the updater I looked at this file:
/updater/vendor/guzzlehttp/ringphp/src/Client/CurlFactory.php

Here the curl options are defined using PHP function curl_setopt_array($handle, $options);
So I needed to add the verbosity option to the $options array, So before the code calls curl_setopt_array($handle, $options); I added a new option for the options array:
$options[CURLOPT_VERBOSE] = true;

I saved the file and ran the updater again. Now you should see your specific cURL error. Either directly on your screen or in the error log of the web server.

In my case I saw the following error:
Web executor is not allowed to run from a host

By googling the web I found that somehow I needed to allow my own host in the file:
/path/to/owncloud/core/Controller/OccController.php

There was a line:
$allowedHosts = [’::1’, ‘127.0.0.1’, ‘localhost’];
and I added my servers IP to the list:
`$allowedHosts = [’::1’, ‘127.0.0.1’, ‘localhost’, ];

Then I saved the file and now the updater works.

1 Like

Hey,

i think this is really great debugging stuff you have done here. :+1:

Maybe you could let the core developers of ownCloud to know about this on https://github.com/owncloud/core/issues so that you could e.g. use a configuration option to increase logging verbosity instead of doing own code modifications?

Maybe ownCloud could add the own IP to this code as well to circumvent such situations? I think this could be reported to https://github.com/owncloud/core/issues as well.