SOLVED [EA-8010] cURL upgrade breaks RSS feeds

[quanin]

During last night's updates, I was upgraded to 76.0.5 as well as latest Easyapache. I'm not sure which of the two is causing this issue.

I use a web-based RSS reader on my server, and after last night's updates, several of the feeds I pull mysteriously stopped actually updating. They stopped updating right at the time the updates ran. there doesn't seem to be any particular patern to the sites having this issue--in some cases, one RSS feed will work while another on the same site won't. In others, entire websites who's RSS feeds were reachable yesterday are no longer reachable today.

The weirdest thing about this is my application claims there's no RSS feed at the failing URls, but if I pull it up either from the local machine or manually using curl, it comes up no problem.

An example of a feed that fails as of last night, straight from the error log:
[08-Nov-2018 13:11:25 UTC] PHP Notice: A feed could not be found at https://www.reddit.com/r/changelog/.rss in /home/quanin/rss/simplepie/simplepie.inc on line 1520

Now, if you pull up that URL locally, clearly it exists. That RSS feed's encoding hasn't changed since 11:00 PM last night when the updates ran. And yet, it fails every time.

already, I've double checked that the PHP cURL extensions are installed, restarted apache, restarted CPanel, and double checked php.ini settings for all 3 installed PHP versions. They haven't changed since pre-update. At this point, I'm not sure where else to check. Feedback, guidance or a solution would all be greatly appreciated.

 

[cPanelMichael]

Hello @quanin,

It looks like you posted the PHP error log output. Can you check /usr/local/apache/logs/error_log as well and let us know of any specific output when this happens?

Thank you.

 

[quanin]

Michael,

There is a very good reason for the lack of log output from the standard apache error log. When this happens, nothing is logged to that file. The only file that has anything recorded to it when it fails is what I showed you.

 

[cPanelMichael]

Hello @quanin,

Can you open a support ticket so we can take a closer look at the system to determine what's happening? You can post the ticket number here and we'll update this thread with the outcome.

Thank you.

 

[quanin]

Done. #10686941

 

[cPanelMichael]

Hello,

To update, here's the response from our of our Technical Analysts on this topic:

Hello,

I do believe this is likely an upstream change with cURL 7.62. The latest upstream change sets the default:

========================
CURL_HTTP_VERSION_2TLS

Attempt HTTP 2 over TLS (HTTPS) only. libcurl will fall back to HTTP 1.1 if HTTP 2 can't be negotiated with the HTTPS server. For clear text HTTP servers, libcurl will use 1.1. (Added in 7.47.0)
========================

Prior versions used CURL_HTTP_VERSION_1_1 by default:

========================
CURL_HTTP_VERSION_1_1

Enforce HTTP 1.1 requests.
========================

This can be seen below:

CURLOPT_HTTP_VERSION

I hope this information has been helpful. Please let us know if you have any additional questions or concerns.

We monitoring this upstream as part of internal case EA-8010. I'll update this thread with new information as it becomes available.

Thank you.

 

[quanin]

thank you, Michael. In the meantime, I've modified my application to work around that change and am still running 7.62. In my particular application's case, I added the line:
curl_setopt($fp, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);

I still have no idea why that fixes my particular issue, but as of right at the moment it does. Other applications that have been caught by this change may need to do the same, or rewrite the part(s) of their applications that expect different behaviour from the default.

 

[chalupa]

Hello, I have a customer that is having an issue with this as well with their Magento site and their Recaptcha. Is there any further information about EA-8010? Thanks!

 

[quanin]

I haven't heard anything yet, but it's possible a line similar to what I used above may work around the issue for your customer in the meantime. I haven't used that software so am not entirely sure how best to make it compatible. Essentially, you want to force CURL to use HTTP 1.1 regardless the default. It may be worth investigating the recaptcha code's curlopt lines to see if that setting can be added somewhere.

 

[cPanelMichael]

Hello @chalupa,

Internal case EA-8010 is still open at this time. I'll continue to monitor this case and update this thread with any new information as it becomes available.

In the meantime, the workaround @quanin provided in this post seems to solve the problem.

Thank you.

 

[chalupa]

Thanks Michael and quanin, the customer was hoping to avoid that per their dev but if that's the only solution for now that's what we're stuck with! Thanks for the followup. I anticipate this will likely be a wider spread issue as we seem to have an issue with another customer possibly having and issue with Magento updates but I have not been able to confirm that it is the actual issue. Hoping for a resolution from the curl group soonish!

 

[TunedCloud]

Any update on EA-8010?

This issue seems to persist, the method I have used to 'resolve' it is to :

$ sudo yum downgrade ea-libcurl

Just winding back to previous ea-libcurl version, but really not a solution as you have to apply every time there is an update... I would be nice to have a permanent solution.

 

[quanin]

@TunedCloud, you want your application to fall back to CURL's old default. To do that, you'll need to add CURL_HTTP_VERSION_1_1 to your application's curlopt settings. How you do that depends on your application, but essentially the reason you're seeing this issue is because your application, or something it depends on, can't speak http/2. That was the problem with my application. The actual fix will probably require a rewrite, but until that happens, this is probably the only workaround we have. CPanel is likely working on something more permanent, but as you've noticed, it's not quick.

 

[cPanelMichael]

Hello @TunedCloud,

I don't have a specific time frame to offer on the publication of a solution at this time, however I'll continue to monitor the case and update this thread as soon as more information is available.

In the meantime, I concur with the advice from @quanin in the previous post in terms of the recommended workaround.

Thank you.

 

[chalupa]

@TunedCloud , likely could read up on setting the version for the curl RPM to be held back to the version you need so it persists between updates if I understand this documentation properly.

The rpm.versions File - Version 74 Documentation - cPanel Documentation

 

[quanin]

@chalupa, that's an option, but as pointed out by @cPanelMichael it's not necessarily recommended, given the current version is a vulnerability patch.

 

[cPanelMichael]

Hello,

To update, EA-8010 was closed as it appears the issue is no longer reproducible in the latest ea-libcurl RPMS. Please let us know if you continue to experience this issue.

Thank you.