A strange regression in curl

[Toomas Aas]

Hello!

We have a web application running on FreeBSD 7.4 (amd64) which uses  
libcurl to send data to another system via HTTPS POST request. After I  
upgraded curl from 7.19.6 to 7.24, a mysterious problem appeared. When  
the length of the POSTed form exceeds 16121 bytes, sending the POST  
request to another system fails (receiving system responds with Error  
500 and writes in its log 'Invalid POST Request received'). Admin of  
the receiving system says that his system never sees more than 16121  
bytes of the incoming POST request.

The problem does not appear when sending requests over HTTP instead of  
HTTPS, but this is no solution due to security requirements. Also I'm  
told that the problem does not appear when sending requests with curl  
7.24 on Linux (don't know which distro).

I downgraded curl back to 7.21.3, and the problem seems to have  
disappeared. I have output of curl --trace from versions 7.24 and  
7.21.3, but looking at these two outputs they seem rather similar to me.

Interesting thing is that both versions do seem to send the data in  
two "batches", as seen in the output of --trace. In my test case,  
after successful SSL negotioation, I see the following actions:

Send header, 263 bytes
Send data, 16121 bytes
Send data, 890 bytes

Note how the first "Send data" is 16121 bytes, which is also the size  
limit where requests start to fail with curl 7.24. It seems that in  
case of curl 7.24 the receiving server does not receive the second  
part of "Send data" and thus sees the request as broken. But what is  
actually the problem? I don't think I can remain with curl 7.21.3  
indefinitely...

-- 
Toomas Aas