SSL Errors

I’ve seen this on and off for a while but now other bugs are being fixed its popping to the top of the list and I still don’t have a clue what’s going wrong - if someone can tell me the problem in the libcurl output below I’d be rather grateful!

I communicate with AWS’ SQS service via Http. The connection is this rolling 30s request - if there is a message remotely it returns right away, if not it hangs out for the 30 seconds and then returns nothing and I repost the request.

For fun there is a C# server running in ec2 that is processing the messages, this uses standard aws C# libraries and isn’t the problem as far as I can tell.

The problem is that sometimes connection just stops working. As far as I can tell the client loses it’s ability to receive messages and continues to behave like that until I stop the program in the editor and relaunch. This seems limited to PC but that is the platform I develop on mostly - so this could just be statistical likelihood.

Very likely a bug in my queue management code but I do tend to see SSL errors around the time of the problem (so perhaps a bug in my http request setup?). Here’s an example:

LogHttp:Warning: 000001F091035480: request failed, libcurl error: 0 (No error)
LogHttp:Warning: 000001F091035480: libcurl info message cache 0 (Found bundle for host sqs.us-west-2.amazonaws.com: 0x1f058434ec8 [can pipeline])
LogHttp:Warning: 000001F091035480: libcurl info message cache 1 (Hostname sqs.us-west-2.amazonaws.com was found in DNS cache)
LogHttp:Warning: 000001F091035480: libcurl info message cache 2 (  Trying 54.240.250.254...)
LogHttp:Warning: 000001F091035480: libcurl info message cache 3 (Connected to sqs.us-west-2.amazonaws.com (54.240.250.254) port 443 (#300))
LogHttp:Warning: 000001F091035480: libcurl info message cache 4 (ALPN, offering http/1.1)
LogHttp:Warning: 000001F091035480: libcurl info message cache 5 (Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH)
LogHttp:Warning: 000001F091035480: libcurl info message cache 6 (SSL re-using session ID)
LogHttp:Warning: 000001F091035480: libcurl info message cache 7 (TLSv1.2 (OUT), TLS handshake, Client hello (1):)
LogHttp:Warning: 000001F091035480: libcurl info message cache 8 (TLSv1.2 (IN), TLS handshake, Server hello (2):)
LogHttp:Warning: 000001F091035480: libcurl info message cache 9 (NPN, negotiated HTTP1.1)
LogHttp:Warning: 000001F091035480: libcurl info message cache 10 (TLSv1.2 (IN), TLS change cipher, Client hello (1):)
LogHttp:Warning: 000001F091035480: libcurl info message cache 11 (TLSv1.2 (IN), TLS handshake, Finished (20):)
LogHttp:Warning: 000001F091035480: libcurl info message cache 12 (TLSv1.2 (OUT), TLS change cipher, Client hello (1):)
LogHttp:Warning: 000001F091035480: libcurl info message cache 13 (TLSv1.2 (OUT), TLS handshake, Unknown (67):)
LogHttp:Warning: 000001F091035480: libcurl info message cache 14 (TLSv1.2 (OUT), TLS handshake, Finished (20):)
LogHttp:Warning: 000001F091035480: libcurl info message cache 15 (SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256)
LogHttp:Warning: 000001F091035480: libcurl info message cache 16 (ALPN, server did not agree to a protocol)
LogHttp:Warning: 000001F091035480: libcurl info message cache 17 (Server certificate:)
LogHttp:Warning: 000001F091035480: libcurl info message cache 18 (    subject: C=US; ST=Washington; L=Seattle; O=Amazon.com, Inc.; CN=us-west-2.queue.amazonaws.com)
LogHttp:Warning: 000001F091035480: libcurl info message cache 19 (    start date: Oct 14 00:00:00 2016 GMT)
LogHttp:Warning: 000001F091035480: libcurl info message cache 20 (    expire date: Oct 28 23:59:59 2017 GMT)
LogHttp:Warning: 000001F091035480: libcurl info message cache 21 (    subjectAltName: sqs.us-west-2.amazonaws.com matched)
LogHttp:Warning: 000001F091035480: libcurl info message cache 22 (    issuer: C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 3 Secure Server CA - G4)
LogHttp:Warning: 000001F091035480: libcurl info message cache 23 (    SSL certificate verify ok.)
LogHttp:Warning: 000001F091035480: libcurl info message cache 24 (Closing connection 300)
LogHttp:Warning: 000001F091035480: libcurl info message cache 25 (TLSv1.2 (OUT), TLS alert, Client hello (1):)

In this particular case my code got no errors (i.e. http requests return with error codes, or corrupt data) and seemed to just keep working.

Of course now I’m focussing on this its not happening - which might indicate some timing issue triggered by breakpoints being hit, or the client cycling.

And yeah - I’ve tried to simulate those issues and failed so far.

Too many words already, just trying to get the state of play down.

My PC is on a wireless connection. I can understand the connection dropping and the code is intended to be tolerant of this.

I don’t understand my inability to get it to rejoin after failure (again not related to above)

I found that the code often failing this statement (CurlHttp.cpp):

if (Response.IsValid() &&
	Response->bSucceeded)
{

But

CurlCompletionResult == 0.

I also found a bug in my code that was failing to correctly deal with an erroring connection and could subsequently hold a FHttpRequestPtr to the failed request. Since fixing this things are more stable - but this bug would come and go so I’m not going to call it fixed.

Since fixing this stability seems better.

For completeness another change I made was to remove "; charset=utf-8" from my Content-Type header. I must have copied this from somewhere during my initial SQS implementation.
Content-Type is now "application/x-www-form-urlencoded"

^^^^ not true anymore.

While communication seems more consistent now I’m still getting a bunch of warnings after having my computer (with app running) asleep through the night:

LogHttp:Warning: 000001273961AC80: request failed, libcurl error: 0 (No error)
LogHttp:Warning: 000001273961AC80: libcurl info message cache 0 (Found bundle for host sqs.us-west-2.amazonaws.com: 0x126ed7c7538 [can pipeline])
LogHttp:Warning: 000001273961AC80: libcurl info message cache 1 (Re-using existing connection! (#2811) with host sqs.us-west-2.amazonaws.com)
LogHttp:Warning: 000001273961AC80: libcurl info message cache 2 (Connected to sqs.us-west-2.amazonaws.com (54.240.249.101) port 443 (#2811))
LogHttp:Warning: 000001273961AC80: libcurl info message cache 3 (Closing connection 2811)
LogHttp:Warning: 000001273961AC80: libcurl info message cache 4 (TLSv1.2 (OUT), TLS alert, Client hello (1):)

Okay - its possible I’ve fixed these connection issues, but I’ve thought that before so will give them a couple of days to return.

AWS SQS queues have a Receive Time settings, which I had set to 0. Now I’ve upped this to 20 seconds (I’m using what they call long polling) and the errors seem to have gone away - expect when I interrupt the connection.

As I say I’ve thought I’ve fixed these problems before so fingers crossed I can close this out in couple of days!

Seems like the problem was the Queue setup at the AWS side - needed to have the receive time set to allow the connection to persist.

Sorry for being dumb but how do you do this because i have the same problem

When you create the queue set ReceiveMessageWaitTimeSeconds to 20. Not sure how you’re creating yours - mine is via a http request.

I’ll be honest a lot of code has passed under the bridge since this problem and I’ve forgotten the details/

Ok ill look into that thanks

An SSL certificate error occurs when the SSL certificate installed on a domain is unable to be checked by a web browser. Your browser will show an error message instead of logging in, informing you that the site might be unsafe. Depending on two variables, this message will look different. The first is the browser that you use.
If you want other SSL Certificates so please click here

An SSL certificate error occurs when the SSL certificate installed on a domain is unable to be checked by a web browser. Your browser will show an error message instead of logging in, informing you that the site might be unsafe. Depending on two variables, this message will look different. The first is the browser that you use.
If you want other SSL Certificates so please click here