question

Upvotes
Accepted
19 4 5 4

RTSDK C++ 2.1.1.L1 Error Curl failed to perform the request with text: SSL connect error

I use RTSDK C++ 2.1.1.L1

I need some help with this simple program. The program is based on the 112_MP_TunnelingConnection sample.

See below:


void AppClient::onRefreshMsg( const RefreshMsg& refreshMsg, const OmmConsumerEvent& )

{

cout << refreshMsg << endl; // defaults to refreshMsg.toString()

}


void AppClient::onUpdateMsg( const UpdateMsg& updateMsg, const OmmConsumerEvent& )

{

cout << updateMsg << endl; // defaults to updateMsg.toString()

}


void AppClient::onStatusMsg( const StatusMsg& statusMsg, const OmmConsumerEvent& )

{

cout << statusMsg << endl; // defaults to statusMsg.toString()

}


void printHelp()

{

cout << endl << "Options:\n" << " -?\tShows this usage\n"

<< " -tph Tunnelling Proxy host name \n"

<< " -tpp Tunnelling Proxy port number \n"

<< " -plogin User name on proxy server \n"

<< " -ppasswd Password on proxy server \n"

<< " -pdomain Proxy Domain \n"

<< " -sslCAStore the absolute path to the certification file (must endup with file name) \n"

<< " -clientId the Refinitiv clientId of the account \n"

<< " -userName the Refinitiv userName of the account \n"

<< " -password the Refintiv password of the account \n"

<< " -libCurlName the curl library name \n"

<< " -libCryptoName the crypto library name \n"

<< " -libSslName the ssl library name" << endl;

}


int main( int argc, char* argv[] )

{

try {


AppClient client;

OmmConsumerConfig config;


for (int i = 0; i < argc; i++)

{

if (strcmp(argv[i], "-?") == 0)

{

printHelp();

return 0;

}

else if (strcmp(argv[i], "-tph") == 0)

{

config.tunnelingProxyHostName(i < (argc - 1) ? argv[++i] : NULL);

}

else if (strcmp(argv[i], "-tpp") == 0)

{

config.tunnelingProxyPort(i < (argc - 1) ? argv[++i] : NULL);

}

else if (strcmp(argv[i], "-plogin") == 0)

{

config.proxyUserName(i < (argc - 1) ? argv[++i] : NULL);

}

else if (strcmp(argv[i], "-ppasswd") == 0)

{

config.proxyPasswd(i < (argc - 1) ? argv[++i] : NULL);

}

else if (strcmp(argv[i], "-pdomain") == 0)

{

config.proxyDomain(i < (argc - 1) ? argv[++i] : NULL);

}

else if (strcmp(argv[i], "-sslCAStore") == 0)

{

config.sslCAStore(i < (argc - 1) ? argv[++i] : NULL);

}

else if (strcmp(argv[i], "-clientId") == 0)

{

config.clientId(i < (argc - 1) ? argv[++i] : NULL);

}

else if (strcmp(argv[i], "-userName") == 0)

{

config.username(i < (argc - 1) ? argv[++i] : NULL);

}

else if (strcmp(argv[i], "-password") == 0)

{

config.password(i < (argc - 1) ? argv[++i] : NULL);

}

else if (strcmp(argv[i], "-libCurlName") == 0)

{

config.libcurlName(i < (argc - 1) ? argv[++i] : NULL);

}

else if (strcmp(argv[i], "-libCryptoName") == 0)

{

config.tunnelingLibCryptoName(i < (argc - 1) ? argv[++i] : NULL);

}

else if (strcmp(argv[i], "-libSslName") == 0)

{

config.tunnelingLibSslName(i < (argc - 1) ? argv[++i] : NULL);

}

}

OmmConsumer consumer(config);

consumer.registerClient(ReqMsg().serviceName("ELEKTRON_DD").name("EUR="), client);

std::this_thread::sleep_for(60000ms);

}

catch (const OmmException& excp) {

cout << excp << endl;

}

return 0;

}



So as you can see I wrote code to overwrite/set defaults for a bunch of things like sslCAStore , tunnelingLibCryptoName, libcurlName and so on.

This application is working perfectly on any machine I have ( and I tried on several ones) except on a client machine where this simple program reports back:

rsslRestClientImpl.c1632> Error: _rsslRestClientBlockingRequest() Curl failed to perform the request with text: SSL connect error


I have in the working folder all the required files like libcrypto-1_1_x64.dll, libcurl.dll. libema.dll, librssl.dll, librsslIVA.dll, libssl-1_1-x64.dll etc.
libcurl.dll is the one that is coming with the RTSDK itself so cannot be the wrong version.

Also running curl.exe command on client site seems to work as well but not the above code which is using libcurl.dll instead.


Again I cannot repro at all as is working all the time in my environments except on a client site no matter if we pass the cert file pointing or not to the libcurl.dll location and so on as per above code entry parameters options


Did anyone met this issue before ?

Thank you

#technologyrefinitiv-realtime-sdk
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
Accepted
81.2k 266 53 76

@Ionut T

Thanks for reaching out to us.

You can create a simple CURL application that uses a CURL header file and library file in the RTSDK package. Then, enable the verbose log in the CURL library.

The code looks like this:

// CurlExample.cpp : This file contains the 'main' function. Program execution begins and ends there.
//


#include <iostream>
#include "curl/curl.h"


int main()
{
    std::cout << "Hello World!\n";
    CURL* curl;
    CURLcode res;


    curl_global_init(CURL_GLOBAL_DEFAULT);


    curl = curl_easy_init();
    if (curl) {
        curl_easy_setopt(curl, CURLOPT_URL, "https://api.refinitiv.com/auth/oauth2/v1/token");
        //curl_easy_setopt(curl, CURLOPT_CAINFO, "C:\\Program Files\\Common Files\\SSL\\cert.pem");
        curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
       
        res = curl_easy_perform(curl);
        /* Check for errors */
        if (res != CURLE_OK)
            fprintf(stderr, "curl_easy_perform() failed: %s\n",
                curl_easy_strerror(res));


        /* always cleanup */
        curl_easy_cleanup(curl);
    }


    curl_global_cleanup();
}

The output looks like this:

1687327692723.png


1687327692723.png (50.1 KiB)
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
19 4 5 4

Thank you,

I think I might have found the answer and that is because the COMODO revocation server is not whitelisted in the organization therefore the :TLS cert validation fails so handshake fails etc.

Question:
How can I disable temporarily the revocation check to allow the TLS handshake to proceed, for testing purposes ( I need that in RTSDK C++ latest).

I know that this is a huge security risk and that is not the solution but I would like to try it if I can have the option to make sure that this is the root cause I am facing.


Can I do this for testing purposes ?
In an option in EmaConfig.xml that I can disable revocation checks or in C++ api code ?
How ?


Thank you.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@Ionut T

The API doesn't provide any configuration to disable SSL checks and you can't disable SSL checks by API code.


To do that, you need to modify the RTSDK source code to disable SSL checks and you need to know how to disable it in CURL and OpenSSL.

Upvotes
19 4 5 4

Thank you guys,

Yes I did see some flags that will enable this for testing purposes but that will require to compile the sdk itself to change the behaviour.


I think my issue is solved now with the solution being my comment about the comodo revocation server being blocked by the firewall rules.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@Ionut T

I submitted this request on GitHub.

Thank you Jirapongse, that would be really helpful, much appreciated. ;)

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.