Description: WebDav connection issue Can neither open nor save back from the network. Curl update regression: Failed connection to Micro Focus Vibe WebDav Server Since commit ed6eeb2496a1989856de312152b64401bb600300 "curl: upgrade to release 7.88.1", ucb cannot connect to Micro Focus Vibe WebDav Server with the "NSS error -12172 (SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID)" and "SSL received invalid ALPN extension data." error messages. Log: info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: STATE: INIT => CONNECT handle 0x55cdf3834198; line 1933 (connection #-5000) info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: Added connection 2. The cache now contains 1 members info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: Hostname xxxx.xx.xxx.xx was found in DNS cache info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: STATE: CONNECT => CONNECTING handle 0x55cdf3834198; line 1989 (connection #2) info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: Trying xx.xxx.xx.xxx:443... info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: Connected to xxxx.xx.xxx.xx (xx.xxx.xx.xxx) port 443 (#2) info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: WARNING: failed to load NSS PEM library libnsspem.so. Using OpenSSL PEM certificates will not work. info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: CAfile: none info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: CApath: none info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: ALPN: offers http/1.0 info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: NSS error -12172 (SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID) info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: SSL received invalid ALPN extension data. info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: multi_done: status: 35 prem: 1 done: 0 info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: multi_done, not re-using connection=2, forbid=0, close=1, premature=1, conn_multiplex=0 info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: The cache now contains 0 members info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: Curl_disconnect(conn #2, dead=1) info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: Closing connection 2 info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:288: debug log: 0x55cdf3834198: Expire cleared (transfer 0x55cdf3834198) warn:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:963: curl_easy_perform failed: (35) SSL received invalid ALPN extension data. info:ucb.ucp.webdav.curl:9805:9805:ucb/source/ucp/webdav-curl/CurlSession.cxx:1340: DAVException; (first) 0 bytes of data received: warn:ucb.ucp.webdav:9805:9805:ucb/source/ucp/webdav-curl/webdavcontent.cxx:3842: Content::getResourceType returned errors, DAV ExceptionCode: 5, HTTP error: 0 Steps to Reproduce: . Actual Results: . Expected Results: . Reproducible: Always User Profile Reset: No Additional Info: .
@Michael: Unfortunately, the newly repaired Vide WebDav connection is broken again. According to the commit description of the Curl 7.88.1 update ("Fixes CVE-2023-23916, 2 CVEs that probably don't affect LO."), can we revert this update, until the problem is fixed in Curl?
Is this the same issue as bug 154223?
(In reply to Stéphane Guillou (stragu) from comment #2) > Is this the same issue as bug 154223? @Stéphane: That contains two problems. The first one is an old problem. The second one is similar, but with different NSS bug numbers and WebDav server. I hope, reverting the Curl update can fix that problem, too.
from my understanding CVE-2023-23916 was just a DoS problem so not so severe, likely reverting that upgrade in your builds shouldn't cause problems.
(In reply to Michael Stahl (allotropia) from comment #4) > from my understanding CVE-2023-23916 was just a DoS problem so not so > severe, likely reverting that upgrade in your builds shouldn't cause > problems. Thanks, Michael! In that case I suggest to revert the curl upgrade in 7.4, because that upgrade was committed at the end of the line of 7.4 in a bug fix release, resulting severe problems for the users of a stable release. We are going to test the next upcoming curl update in LO 7.5 and master, and report the results, hoping that will solve this issue there, too. The suggested fix: https://gerrit.libreoffice.org/c/core/+/149141
8.0.0 was released today with another not-very-important CVE: https://gerrit.libreoffice.org/c/core/+/149153 hope it will fix your problem, if not it might be helpful to "git bisect" in curl to find what caused the regression.
(In reply to Michael Stahl (allotropia) from comment #6) > 8.0.0 was released today with another not-very-important CVE: > > https://gerrit.libreoffice.org/c/core/+/149153 > > hope it will fix your problem, if not it might be helpful to "git bisect" in > curl to find what caused the regression. @Michael: It fixed, as reported by Attila Bakos. Many thanks for the quick fix!
VERIFIED IN: Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 67bb7f71b785d3d831ffaa47262b6cbd84e71c42 CPU threads: 8; OS: Windows 10.0 Build 19045; UI render: Skia/Raster; VCL: win Locale: hu-HU (hu_HU); UI: hu-HU Calc: CL threaded