What is "curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 73" telling me?

1

What does this cURL error mean and where can I find more related information?

curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 73

I'm writing a shell script to query the Splunk API. In some cases, after 5 minutes, I get this error. Sometimes I can rerun the script and the error goes away and I get my desired output.

Here is what I see on my terminal.

  % Total    % Received % Xferd  Average Speed          Time             Curr.
                                 Dload  Upload Total    Current  Left    Speed
  0     0    0     0    0     0      0      0 --:--:--  0:05:01 --:--:--     0
curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 73

A sample search is this. I'll substitute "spock" for a hosthame. This search does succeed on other hosts, so this specific search isn't somehow incorrect and causing the problem.

search index=os_nix host=spock source=/var/adm/messages latest=-30d NOT snmpd authentication (error OR fail OR failure) | head

I am building my command like this.

URLPROTO='https://'
URLHOST='splunkapi.example.com'
URLPORT=':8089'
URLDIR='/servicesNS/admin/search/search/jobs/export'
URL="${URLPROTO}${URLHOST}${URLPORT}${URLDIR}"
luser=(read from user input)
lpassword=(read from user input)
OUTFILE=(generated from hostname and the type of search I'm running) 
mySEARCH=(read from input file)
USER=(User ID read from environment)

The actually command is this.

curl -k -o "${OUTFILE}" -u ${luser:=${USER}}:${lpasswd} ${URL} -d search="${mySEARCH}" -d output_mode="csv"

My script loops through a list of hosts, read from an external file, performing several searches, read from a different external file, against each host. To clarify further, I can run my script and I get two or three failures out of a total of thirty total searches. The entire run doesn't fail, just two or three individual host/search pairs. The failure isn't limited to a specific host/search pair or a specific host or a specific search, as I can rerun my script and the failures stand a good chance of succeeding.

What is the cURL error trying to tell me?

If it matters, this is AIX.

curl 7.11.1 (powerpc-ibm-aix5.2.0.0) libcurl/7.11.1 OpenSSL/0.9.7g ipv6
Protocols: ftp gopher telnet dict ldap http file https ftps
Features: IPv6 SSL NTLM Largefile

IAmJeff

Posted 2016-12-15T22:53:05.917

Reputation: 142

1

Maybe the host has a "bad certificate" like self-signed for example. Look at this

– OscarAkaElvis – 2016-12-16T00:59:09.210

@OscarAkaElvis Would a bad certificate return immediately or wait for a timeout? Your link makes me think a different authorization method is needed, such as "echo -ne "username:password" | base64 --wrap 0" in my shell script, or "uuencode -m" in AIX-land? – IAmJeff – 2016-12-19T16:09:26.523

Answers

0

Curl reports these errors because Splunk doesn't return any data. (My search returned data for most hosts but a time-specific window would cause it to occasionally fail.)

Splunk times out after 5 minutes and disconnects curl, errno 73. The curl exit code (56) is "Failure in receiving network data." Splunk doesn't send anything, so no data to receive.

Thank you both @thrig and @OscarAkaElvis for assisting.

IAmJeff

Posted 2016-12-15T22:53:05.917

Reputation: 142

2

The names associated with the errno "error numbers" should be in the file errno.h usually stashed somewhere under /usr/include, though a webby search turns up:

http://www.ioplex.com/~miallen/errcmp.html

Which for 73 and AIX is "Connection reset by peer". So for some reason the peer (or something between the client and the peer) reset the connection.

thrig

Posted 2016-12-15T22:53:05.917

Reputation: 686

Wow. Nice on-line error-code table. – IAmJeff – 2016-12-19T16:13:08.737

How would I interpret this error code? curl: (56) SSL read: errno -5961 – IAmJeff – 2016-12-19T16:16:06.613

@IAmJeff too little context to tell, the return code can be negative as it's an int, so could either be a negative read, or something did set that (grep out of AIX and OpenSSL sources, maybe), or something else went awry. – thrig – 2016-12-19T19:54:53.683

Asked: 2016-12-15T22:53:05.917

Viewed: 3 411 times

Active: 2016-12-20T22:53:19.943