Hello.

I have a project that uses libcurl. Recently I have attempted to enable concurrent data exchange. The connections established by the client are both HTTPS and use client-side X.509 certificates for authentication.

The problem is that, if used concurrently, NSS seems to not include, or include partially, the certificate that is to be sent out to the server. It results in:

1) Server replying with 401 because no certificates were attached
2) Server replying with SSL error, because certificate fails validation, CURL returns error 58.
3) Only some connections exhibit this problem.

Note that in all cases, the connections being opened in parallel use *different* X.509 certificate/keys. Everything works perfectly well if executed in a single thread. FORBID_REUSE is set on every connection. curl objects are never reused, always destroyed/recreated. Using "easy" interface.

Running strace on the process, I can see NSS accessing the correct PEM files, but simply not including the certificate (point #1). I assume there are some invalid bits for point #2 (the correct certificate seems to be included), but figuring it out is somewhat tedious. I assume that the problems are related, and #1 is more clear cut.

I was wondering whether this was a known problem, and what is the best approach to debugging it. Considering I've not been around NSS or libcurl code before, any pointers on where to dig would be highly appreciated.

Configurations:

AWS Linux:
curl 7.47.1 (x86_64-redhat-linux-gnu) libcurl/7.47.1 NSS/3.21.3 Basic ECC zlib/1.2.8 libidn/1.18 libpsl/0.6.2 (+libicu/50.1.2) libssh2/1.4.2
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets PSL

FC 23:
curl 7.43.0 (x86_64-redhat-linux-gnu) libcurl/7.43.0 NSS/3.26 zlib/1.2.8 libidn/1.33 libssh2/1.6.0 nghttp2/1.7.1
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz HTTP2 UnixSockets Metalink

Thank you!
Pawel.
