curl: (35) SSL connect error
monaengine opened this issue · 4 comments
Hello,
with the latest version of the program, rewrite_proposal_v2.0 after issue #51 , appears the error in object.
My environment has installed the following programs:
Zimbra 8.0.6
libcurl-7.19.7-37.el6_4.x86_64
curl-7.19.7-37.el6_4.x86_64
openssl-1.0.1e-16.el6_5.7.x86_64
Operating System:
CentOS release 6.5 (Final)
During backups, both full and incremental, the error appears.
Never occurs during the backup of the same user, but it happens randomly.
Here the log backup of this night:
[root@mail backup]# tail backup_INC_20140624.log
2014-06-24 02:02:22 DEBUG: user1@domain1 - generated tar file /mnt/backup/user1@domain1/20140624020222:INC.tar
2014-06-24 02:02:22 DEBUG: user1@domain1 - backup size is 0
2014-06-24 02:02:22 DEBUG: user1@domain1 - END in 0secs,
2014-06-24 02:02:22 DEBUG: user2@domain2 - Last backup from 20/06/2014 02:00:38 ...
2014-06-24 02:02:22 DEBUG: user2@domain2 - START INC backup ...
2014-06-24 02:02:22 DEBUG: user2@domain2 - Doing ldap backup ...
2014-06-24 02:02:22 DEBUG: user2@domain2 - ldap backup complete
2014-06-24 02:02:22 DEBUG: user2@domain2 - Doing mailbox backup ...
2014-06-24 02:02:22 DEBUG: user2@domain2 - Doing mailbox backup ...
curl: (35) SSL connect error
[root@mail backup]#
When the error appears in the script exits and missing user are not saved.
In the zmbkpose.conf I disabled the parallel backups.
Launch the script command as follows:
su - zimbra-c "/usr/local/bin/zmbkpose -i" >> $ LOG 2> & 1
or
su - zimbra-c "/usr/local/bin/zmbkpose -f" >> $ LOG 2> & 1
There is a sporadic curl error in SSL negotiation. it was treated in issue #35 on commit da86ece from Sep 18, 2013.
I think there is not much you can do about this problem of ssl and curl, however in the above commit, was modified, then curl make 4 attempts before finally fail. In each attempt you can see a log saying:
"Retry $i to https://$mailhost:7071 by SSL error"
I can not see this in your logs.
Could tell me if /usr/local/bin/zmbkpose in zimbra_mailbox_backup() function, line 307, has the follow lines that perform several attempts? :
'''
function zimbra_mailbox_backup()
{
local mailbox="$1"
local mailhost="$2"
local search_query="$3"
local backup_file=$4
[ -n "$search_query" ] && search_query="&$search_query"
#Because sporadic ssl error, we will try several times. See issues 35.
for i in 1 2 3 4;do
if ! $CURL_cmd $CURL_args -u $ADMINUSER:$ADMINPASS -o "$backup_file" \
"https://$mailhost:7071/home/$mailbox/?fmt=tgz$search_query" ;then
case $? in
35) debug "Retry $i to https://$mailhost:7071 by SSL error";continue ;;
*) return 1;; #Another errors
esac
fi
return 0
done
'''
The function seems to correctly implemented, but when encounters an curl error the script exit
function zimbra_mailbox_backup()
{
local mailbox="$1"
local mailhost="$2"
local search_query="$3"
local backup_file=$4
[ -n "$search_query" ] && search_query="&$search_query"
#Because sporadic ssl error, we will try several times. See issues 35.
for i in 1 2 3 4;do
if ! $CURL_cmd $CURL_args -u $ADMINUSER:$ADMINPASS -o "$backup_file" \
"https://$mailhost:7071/home/$mailbox/?fmt=tgz$search_query" ;then
case $? in
35) debug "Retry $i to https://$mailhost:7071 by SSL error";continue ;;
*) return 1;; #Another errors
esac
fi
return 0
done
return 1
}
Sorry, it is a bug. I changed a bit the code, generating the issue52 branch.
You can download and replace file zmbkpose with the modified version. Get it of the main page https://github.com/bggo/Zmbkpose , selecting branch issue52, or from
https://raw.githubusercontent.com/bggo/Zmbkpose/issue52/src/zmbkpose
Please, tell me if it worked.
Now the function code is : '''
function zimbra_mailbox_backup()
{
local mailbox="$1"
local mailhost="$2"
local search_query="$3"
local backup_file=$4
[ -n "$search_query" ] && search_query="&$search_query"
#Because sporadic ssl error, we will try several times. See issues 35.
for i in 1 2 3 4;do
ret=0; $CURL_cmd $CURL_args -u $ADMINUSER:$ADMINPASS -o "$backup_file" \
"https://$mailhost:7071/home/$mailbox/?fmt=tgz$search_query" || ret=$?
case $ret in
35) debug "Try $i to https://$mailhost:7071 failed by SSL error";;
0) return 0;;
*) debug "Curl exiting with error code $ret"; return 1;;
esac
done
error "Backup failed after several attempts"
return 1
}
'''
work fine! thank you