Execption safe
Hi All, Kindly let me know whether we have to handle any exception while using libcurl library functions to make our application exception safe . Will libcurl throw any exception in corner cases. if yes ,so how do we handle that. Regards, Surya --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
curl_easy_getinfo return codes
Hi All, While trying to read response of a multiperform. res = curl_easy_getinfo( e, CURLINFO_RESPONSE_CODE, _code ) if curl_easy_getinfo returns a value res != CURLE_OK, Please let me know 1. Should i re-try this request. 2. Drop this request. Would the error code returned by this function same as in the below list: https://curl.haxx.se/libcurl/c/libcurl-errors.html Or is it like in case if res != CURLE_OK, it would have a valid response_code , which could be looked upon for further actions. Regards, Surya --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Max number of easy handles in a multi handle
Hi All, Please let me know if there is any max limit on the number of easy handles that can be added to a multi handle. Thanks, Surya --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
crash while trying to log.
HI All, Yesterday we faced an issue. for our application when socket logging was enabled. In debug build (when compiled with -g option) our application worked fine. When we released the application in released mode (without -g option), application crashes while trying to wrtie socket logs. res = curl_easy_setopt( curl_handle, CURLOPT_DEBUGFUNCTION, log_function ) we also set SETOPT(query, CURLOPT_VERBOSE, 1 ); during initialising of the curl handle. BT: #6 0x004e9e2d in x::log_function(void*, curl_infotype, char*, unsigned long, void*) () #7 0x7f9fac2e0118 in Curl_debug () from /lib64/libcurl.so.4 #8 0x7f9fac2e02d4 in Curl_infof () from /lib64/libcurl.so.4 #9 0x7f9fac2ed4ea in Curl_setup_conn () from /lib64/libcurl.so.4 #10 0x7f9fac2ed70c in Curl_connect () from /lib64/libcurl.so.4 #11 0x7f9fac2fd320 in multi_runsingle () from /lib64/libcurl.so.4 #12 0x7f9fac2fe181 in curl_multi_perform () from /lib64/libcurl.so.4 in debug build every was working fine, to reproduce issue, we removed -g compiler flag and issue was reproduced. after reproducing issue, even in debug build we could reproduce the issue. not sure why. Please provide your comments if you have faced similar issue. Thanks Surya --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: crash issue: while invoking easy perform.
Hi all, Updated to latest version : $ curl --version curl 7.58.0 (x86_64-redhat-linux-gnu) libcurl/7.58.0 NSS/3.28.4 zlib/1.2.7 libpsl/0.7.0 (+libicu/50.1.2) libssh2/1.8.0 nghttp2/1.21.1 Release-Date: 2018-01-24 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy Metalink PSL i still face the issue: please find bt below: (gdb) bt #0 0x7f0ca183d4ab in raise (sig=11) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:37 #1 0x7f0ca64bd582 in skgesigOSCrash () from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1 #2 0x7f0ca6add8a5 in kpeDbgSignalHandler () from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1 #3 0x7f0ca64bd8c0 in skgesig_sigactionHandler () from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1 #4 #5 0x7f0c9f5ae01e in NSSRWLock_LockWrite_Util () from /lib64/libnssutil3.so #6 0x7f0c9f82486f in secmod_AddModuleToList () from /lib64/libnss3.so #7 0x7f0c9f8184b1 in SECMOD_LoadModule () from /lib64/libnss3.so #8 0x7f0c9f8185e9 in SECMOD_LoadUserModule () from /lib64/libnss3.so #9 0x7f0ca855cd2e in nss_load_module.part.10 () from /lib64/libcurl.so.4 #10 0x7f0ca855e216 in nss_setup_connect () from /lib64/libcurl.so.4 #11 0x7f0ca855e800 in nss_connect_common () from /lib64/libcurl.so.4 #12 0x7f0ca855a816 in Curl_ssl_connect_nonblocking () from /lib64/libcurl.so.4 #13 0x7f0ca850b042 in https_connecting () from /lib64/libcurl.so.4 #14 0x7f0ca8517611 in Curl_protocol_connect () from /lib64/libcurl.so.4 #15 0x7f0ca852c24e in multi_runsingle () from /lib64/libcurl.so.4 #16 0x7f0ca852d039 in curl_multi_perform () from /lib64/libcurl.so.4 #17 0x7f0ca8523895 in curl_easy_perform () from /lib64/libcurl.so.4 On Mon, Mar 5, 2018 at 4:09 AM, Daniel Stenberg <dan...@haxx.se> wrote: > On Sat, 3 Mar 2018, surya chandrika wrote: > > acc to logic only curl_easy_perform () should be invoked, but not sure >> why BT shows curl_multi_perform () is it internally invoked from curl. >> > > Yes it is. > > Please let me know if anyone is familiar with this. >> > > ... > > curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.28.4 zlib/1.2.7 >> libidn/1.28 libssh2/1.4.3 >> > > That's a five years old curl version. Chances are big we fixed that and > several other problems since then. Please try a much newer version and see > if the bug remains! > > -- > > / daniel.haxx.se > --- > Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library > Etiquette: https://curl.haxx.se/mail/etiquette.html --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: crash issue: while invoking easy perform.
Hi all, This issue is resolved now, Thanks for your quick response. I was getting Curl 35 error code in log followed by a crash. there were multiple threads running at parallel, and each thread at start invoked global_init and global_cleanup at its exit. when i removed global cleanup from all these threads, issue is resolved. I did for each thread as its a long running application and thread wakes up only when some event occurs. so wanted to clean up memory when all are asleep. It seems global init and clean need not be done for each thread, need to be called only once for an application. along with that also updated ssl_certificate and ssl_certificate_key and update-ca-trust as i saw curl 35 error code. On Mon, Mar 5, 2018 at 3:38 PM, Daniel Stenberg <dan...@haxx.se> wrote: > On Mon, 5 Mar 2018, surya chandrika wrote: > > (gdb) bt >> #0 0x7f0ca183d4ab in raise (sig=11) >>at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:37 >> #1 0x7f0ca64bd582 in skgesigOSCrash () >> from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1 >> #2 0x7f0ca6add8a5 in kpeDbgSignalHandler () >> from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1 >> #3 0x7f0ca64bd8c0 in skgesig_sigactionHandler () >> from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1 >> #4 >> #5 0x7f0c9f5ae01e in NSSRWLock_LockWrite_Util () from >> /lib64/libnssutil3.so >> #6 0x7f0c9f82486f in secmod_AddModuleToList () from /lib64/libnss3.so >> #7 0x7f0c9f8184b1 in SECMOD_LoadModule () from /lib64/libnss3.so >> #8 0x7f0c9f8185e9 in SECMOD_LoadUserModule () from /lib64/libnss3.so >> #9 0x7f0ca855cd2e in nss_load_module.part.10 () from >> /lib64/libcurl.so.4 >> #10 0x7f0ca855e216 in nss_setup_connect () from /lib64/libcurl.so.4 >> > > So this is the NSS function SECMOD_LoadUserModule() that crashes. > > I have no means to reproduce this so I can't really tell what's going on > here. Could it be a NSS issue? Is the "pcks11 module" this loads correctly > built/installed/used? > > > -- > > / daniel.haxx.se > --- > Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library > Etiquette: https://curl.haxx.se/mail/etiquette.html > --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
crash issue: while invoking easy perform.
Am getting following crash issue: BT: #0 0x7f5a2c4344ab in raise (sig=11) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:37 #1 0x7f5a310b4582 in skgesigOSCrash () from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1 #2 0x7f5a316d48a5 in kpeDbgSignalHandler () from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1 #3 0x7f5a310b48c0 in skgesig_sigactionHandler () from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1 #4 #5 __GI___pthread_mutex_lock (mutex=0x0) at ../nptl/pthread_mutex_lock.c:66 #6 0x7f5a29ddee49 in PR_Lock () from /lib64/libnspr4.so #7 0x7f5a33130747 in nss_connect_common () from /lib64/libcurl.so.4 #8 0x7f5a3312795e in Curl_ssl_connect_nonblocking () from /lib64/libcurl.so.4 #9 0x7f5a330fee4d in Curl_http_connect () from /lib64/libcurl.so.4 #10 0x7f5a331214a5 in multi_runsingle () from /lib64/libcurl.so.4 #11 0x7f5a3311 in curl_multi_perform () from /lib64/libcurl.so.4 #12 0x7f5a33119523 in curl_easy_perform () from /lib64/libcurl.so.4 acc to logic only curl_easy_perform () should be invoked, but not sure why BT shows curl_multi_perform () is it internally invoked from curl. Please let me know if anyone is familiar with this. Note: $ curl --version curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.28.4 zlib/1.2.7 libidn/1.28 libssh2/1.4.3 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets Regards, Surya --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Libcurl handles and file descriptors and select
Hi, Am new into libcurl world, please clarify the below queries: -> When is the file descriptors actually associated with a handle. -> Is there any limitation in the number of handles that can be created by a process. Requirement: Need to post messages received in a message queue to a remote host(s) based on the subscription details in message asynchronously. expected load in huge. 1. a thread which reads a message queue and create handles 2. a thread which will call select() function to check if any event has occurred. 3. multiple threads which in turn will call curl_multi_perform and post to remote host. Please guide me. Thanks Surya --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: curl handles and multi thread
Hi All, Actually i have multiple message queues say for eg 50 queues(shared bw threads) with messages that needs to be delivered without affecting the sequence of messages in a particular queue. Multiple threads are supposed to serve this purpose. Each thread keeps polling this message queue ,which ever is open,thread takes a message and deliver them one by one. in current implementation its a sync request so if the destination host is down, this thread has a waiting period, so in order to make them faster, we planning to switch to async where thread_a (from a pool of threads) perform multi_perform when a message queue is available and puts them to a pending messages queue. which is then processed by other thread_b(from a pool of threads) once ready. This thread_a will now be open to poll the other message queues. so handles prcoessed by multiple threads would be different , so i assume threads should not be blocking except for the select()/timeout in thread_b. Please share your thoughts for the same. Thanks Surya On Sat, Nov 11, 2017 at 3:52 AM, Daniel Stenberg <dan...@haxx.se> wrote: > On Wed, 8 Nov 2017, surya chandrika via curl-library wrote: > > You must never share the same handle in multiple threads. You can pass the >> handles around among threads, but you must never use a single handle from >> more than one thread at any given time. >> >> Usecase: (cpp) >> > > 1. Get a multi handle and post an async req >> 2. If still_running = 1 push them into a global map >> > > Them? > > 3. another thread which actively parse this map to select() the handles. >> (one thread dedicated for selection for pending request) >> > > Why another thread? The thread in (2) can't do anything anyway as long as > (3) uses the same handle. > > 4. If an activity is detected another thread from threadpool perform multi >> perform. >> > > Yet another? It's still the same multi handle,so it can't do anything with > the handle unless the other threads using the handle all hold off. > > So using a proper locking mechanism i understand that i should be able to >> perform the above without any exception. >> > > Sure, but the question is then left why you feel you need to use so many > threads... > > -- > > / daniel.haxx.se > --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
curl handles and multi thread
Hi all, >From this link it says https://curl.haxx.se/libcurl/c/threadsafe.html You must never share the same handle in multiple threads. You can pass the handles around among threads, but you must never use a single handle from more than one thread at any given time. Usecase: (cpp) 1. Get a multi handle and post an async req 2. If still_running = 1 push them into a global map 3. another thread which actively parse this map to select() the handles. (one thread dedicated for selection for pending request) 4. If an activity is detected another thread from threadpool perform multi perform. So using a proper locking mechanism i understand that i should be able to perform the above without any exception. Please let me know if this understanding is correct. Thanks Surya --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
curl multi perform when remote host is down
Hi All, I am using curl multi perform . I have added about 10 easy handles to post to 10 different host. I would like to know that if few of the host is not reachable will it affect the performance or response time of other request. I assume it should not as they are parallel processing. Please confirm whether the below understanding is correct. If am waiting for still_running variable to be 0 --> may be here it would affect, instead i should keep on removing the processed handle and keep adding new handles. Thanks Surya --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
open ssl vs gnutls used along with libcurl
Hi All, There is a weird memory leak in my program. Valgrind shows: 1. We have a usecase within program which uses gnu encrypt decrypt function, and it reports leaks. ==57842== 775 (152 direct, 623 indirect) bytes in 1 blocks are definitely lost in loss record 2,287 of 2,663 ==57842==at 0x4C29975: calloc (vg_replace_malloc.c:711) ==57842==by 0xF62230B: ??? (in /usr/lib64/libtasn1.so.6.5.3) ==57842==by 0xF6224BB: asn1_create_element (in /usr/lib64/libtasn1.so.6.5.3) ==57842==by 0x7B1ACB2: ??? (in /usr/lib64/libgnutls.so.28.43.0) ==57842==by 0x7B1D8F3: ??? (in /usr/lib64/libgnutls.so.28.43.0) ==57842==by 0x7B1DC75: gnutls_x509_privkey_export_pkcs8 (in /usr/lib64/libgnutls.so.28.43.0) So i was searching a bit about gnu and found this link, where it states gnu used along curl can also leak https://github.com/curl/curl/issues/1086 Is there any known issues like curl with gnu has leaks? Will switching to openssl solve this problem as stated in this link? 2. Also in valgrind i can see , opessl backtrace even though am using gnutls , is this related: ==70015== 24 bytes in 1 blocks are still reachable in loss record 27 of 662 ==70015==at 0x4C27BE3: malloc (vg_replace_malloc.c:299) ==70015==by 0xDCCC3B7: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.2k) ==70015==by 0xDCCF238: OBJ_NAME_add (in /usr/lib64/libcrypto.so.1.0.2k) ==70015==by 0xDD8E394: EVP_add_cipher (in /usr/lib64/libcrypto.so.1.0.2k) ==70015==by 0xDD92E8C: OpenSSL_add_all_ciphers (in /usr/lib64/libcrypto.so.1.0.2k) ==70015==by 0xDD92B4D: OPENSSL_add_all_algorithms_noconf (in /usr/lib64/libcrypto.so.1.0.2k) ==70015==by 0x1014B428: libssh2_init (in /usr/lib64/libssh2.so.1.0.1) ==70015==by 0x7DEF936: curl_global_init (easy.c:273) 3. I have 182 hits for the below backtrace in my valgrind log , although its invoked only once and global cleanup in invoked at the end of program. This program is a long running program and we dont expect to stop or restart in between. ==70015==at 0x4C27BE3: malloc (vg_replace_malloc.c:299) ==70015==by 0x11135142: PR_ErrorInstallTable (in /usr/lib64/libnspr4.so) ==70015==by 0x111353A8: ??? (in /usr/lib64/libnspr4.so) ==70015==by 0x7E1C0E4: Curl_nss_init (nss.c:1244) ==70015==by 0x7DEF924: curl_global_init (easy.c:239) ==70015==by 0x4FE080: General::CURLInstance::curlGlobalinit() (CurlClient.cc:103) Similarly i have several hits for the point 2 back log as well. Apart from such backtraces i didnt find any valuable leaks in valgrind which could cause heavy leaks, Any comments or help would be greatly appreciated . Thanks Surya --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: open ssl vs gnutls used along with libcurl
Hi , Libcurl version: -sh-4.2$ curl --version curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.43.0 NSS/3.19.1 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.4.3 Also in point 2: program is still using gnutls but backtrace shows openssl. I didnot understand why. On Fri, Oct 5, 2018 at 2:57 PM Daniel Stenberg wrote: > On Fri, 5 Oct 2018, surya chandrika via curl-library wrote: > > > We have a usecase within program which uses gnu encrypt decrypt function, > > and it reports leaks. > > > > So i was searching a bit about gnu and found this link, where it states > gnu > > used along curl can also leak > > > > https://github.com/curl/curl/issues/1086 > > That's a one way of reading that issue but I would disagree with it. > > I would summarize that issue like this: some people say there's a leak > somewhere when curl uses GnuTLS - but I failed (repeatedly) to reproduce > and > nobody could provide a reproducible test case either. The issue was rather > pointing to a potentially large memory consumption in GnuTLS and no memory > leak. > > > Is there any known issues like curl with gnu has leaks? > > Not to my knowledge. > > > Will switching to openssl solve this problem as stated in this link? > > There is and was no leak in that issue but you can certainly switch and > build > curl with openssl if you like. > > > ==70015==by 0xDD92B4D: OPENSSL_add_all_algorithms_noconf (in > > /usr/lib64/libcrypto.so.1.0.2k) > > ==70015==by 0x1014B428: libssh2_init (in /usr/lib64/libssh2.so.1.0.1) > > That looks like it might be a leak, yes. I would primarily suspect/point > at > libssh2 unless you run a recent version (based on that trace). > > I'm not aware of any known memory leaks in curl with openssl either, using > recent 3rd party components. > > We run tests on our code non-stop and for all commits that also run all > tests > with valgrind and asan and more. (But sure, bugs still happen to slip in!) > > > 3. I have 182 hits for the below backtrace in my valgrind log , although > its > > invoked only once and global cleanup in invoked at the end of program. > This > > program is a long running program and we dont expect to stop or restart > in > > between. > > > ==70015==by 0x11135142: PR_ErrorInstallTable (in > /usr/lib64/libnspr4.so) > > ==70015==by 0x111353A8: ??? (in /usr/lib64/libnspr4.so) > > ==70015==by 0x7E1C0E4: Curl_nss_init (nss.c:1244) > > Now we're using curl + NSS? Yes this looks like a suspicious leak. Do you > run > a recent NSS version? > > You're also not telling us which libcurl version all this is done with. I > would encourage you to use a recent version there as well, to reduce the > risk > that you're seeing problems we've already fixed... > > -- > > / daniel.haxx.se > --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: open ssl vs gnutls used along with libcurl
Okay So as first step i need to update all this to latest version i assume. If i want to switch to open ssl how can i confirm that curl now uses open ssl instead of gnutls. Is there any easy approach. As i doesnt look like huge memory consumption as the program consumes 9Gb in 10 days. Program basically fetch information from one host and pushes to another host. Valgrind doesnt show much leak in program itself and that why looking out other possibilities. Thanks Surya On Fri, Oct 5, 2018 at 4:48 PM Daniel Stenberg wrote: > On Fri, 5 Oct 2018, surya chandrika via curl-library wrote: > > > curl 7.29.0 (x86_64-redhat-linux-gnu) > > 7.29.0 command line tool... > > > libcurl/7.43.0 NSS/3.19.1 Basic ECC > > with a 7.43.0 libcurl! That's a funky mix! > > > Also in point 2: program is still using gnutls but backtrace shows > openssl. > > I didnot understand why. > > Because it uses libssh2 which was built to use openssl... > > -- > > / daniel.haxx.se > --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Crash while using multi handle
HI Libcurl I observed below crash issue: Usecase; Have configured multiple threads (to divided external interfaces logically), each has got its own multi handle (each multi handles have curl easy handles ) which is used to post request to different host. Initially i had only 2 threads with each having a multi handle initialized- This was working fine. Now we introduced a third thread in similar pattern and its getting crashed with following dump. #0 0x7fd5ec69623b in raise () from /lib64/libpthread.so.0 #1 0x7fd5f1316582 in skgesigOSCrash () from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1 #2 0x7fd5f19368a5 in kpeDbgSignalHandler () from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1 #3 0x7fd5f13168c0 in skgesig_sigactionHandler () from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1 #4 #5 0x7fd5ec2fb1d7 in raise () from /lib64/libc.so.6 #6 0x7fd5ec2fc8c8 in abort () from /lib64/libc.so.6 #7 0x7fd5ec33af07 in __libc_message () from /lib64/libc.so.6 #8 0x7fd5ec342503 in _int_free () from /lib64/libc.so.6 #9 0x7fd5ec345208 in _int_realloc () from /lib64/libc.so.6 #10 0x7fd5ec346602 in realloc () from /lib64/libc.so.6 #11 0x7fd5eaf4d274 in OPENSSL_sk_insert () from /usr/local/openssl/lib/libcrypto.so.1.1 #12 0x7fd5eae719ea in CONF_module_add () from /usr/local/openssl/lib/libcrypto.so.1.1 #13 0x7fd5eae711c9 in OPENSSL_load_builtin_modules () from /usr/local/openssl/lib/libcrypto.so.1.1 #14 0x7fd5f33a3e5b in Curl_ossl_init () from /lib64/libcurl.so.4 #15 0x7fd5f337940b in global_init () from /lib64/libcurl.so.4 #16 0x7fd5f33796a8 in curl_easy_init () from /lib64/libcurl.so.4 #17 0x7fd5f3393df0 in Curl_conncache_init () from /lib64/libcurl.so.4 #18 0x7fd5f337e3d8 in Curl_multi_handle () from /lib64/libcurl.so.4 #19 0x0052ab4e in General::CURLxx:: CURLxx (this=0x7fd5d85ba150, log_=0x12d5570) at yy.cc:452 Curl version; curl 7.43.0 (x86_64-redhat-linux-gnu) libcurl/7.61.0 OpenSSL/1.1.0g zlib/1.2.7 Also would like to know which is the compatible gnutls version for libcurl Version: 7.64.0 Thanks, Surya --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: create rpm for libcurl
On Mon, May 20, 2019 at 3:55 PM Kamil Dudka wrote: > On Monday, May 20, 2019 12:15:32 PM CEST surya chandrika wrote: > > On Wed, May 15, 2019 at 5:49 PM Kamil Dudka wrote: > > > Why do not you use the %configure macro as in the mentioned spec file? > > > It should take care of setting all the prefixes. > > > > > > > When i install rpm, version is *upgraded to 7.64.0,* but it says > > > > > > *Gnutls*, > > > > > > > instead of* Open ssl* > > > > > > You should have `BuildRequires: openssl-devel` in the spec file to make > > > sure > > > that the build environment of OpenSSL is available while running the > > > build. > > > > I added BuildRequires: openssl-devel` this but then also after installing > > rpm its using gnutls. > > `BuildRequires: openssl-devel` just makes rpmbuild check whether > openssl-devel > is installed _before_ the build starts. It does not affect the build > itself. > > > According to > > https://curl.haxx.se/docs/install.html > > It should auto take openssl if nothing is specified. "If you have OpenSSL > > installed in the default search path for your compiler/linker, you don't > > need to do anything special". > > I have installed openssl and openssl-devel via yum install, so it should > be > > in default paths. > > > > Note: Am generating rpm in one host and installing rpm in another host. > Is > > there any thing else that i need to make sure so that its takes openssl > > instead of gnutls. > > You need to check output of the `configure` script and possibly config.log > to > figure out why openssl is not used. > > It is also possible that you have successfully built curl against openssl > but > then you use a different curl executable or libcurl library than the ones > that > you have built. > > After installing rpm when i check ssl-backends it says *openssl* (which is expected), but when i check curl --version it shows *GnuTLS/3.3.29* Could you please let me know why it shows different, --ssl-backends output the SSL backends libcurl was built to support /usr/share/applications/curl/bin -sh-4.2$ ls curl curl-config -sh-4.2$ curl-config --version libcurl 7.64.0 *-sh-4.2$ curl-config --ssl-backends* *OpenSSL* *-sh-4.2$ curl --version* curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 *GnuTLS/3.3.29 *zlib/1.2.7 Release-Date: 2019-02-06 > Kamil > > > --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: create rpm for libcurl
On Wed, May 22, 2019 at 5:12 PM Kamil Dudka wrote: > On Wednesday, May 22, 2019 1:20:01 PM CEST surya chandrika wrote: > > On Mon, May 20, 2019 at 3:55 PM Kamil Dudka wrote: > > > On Monday, May 20, 2019 12:15:32 PM CEST surya chandrika wrote: > > > > On Wed, May 15, 2019 at 5:49 PM Kamil Dudka > wrote: > > > > > Why do not you use the %configure macro as in the mentioned spec > file? > > > > > It should take care of setting all the prefixes. > > > > > > > > > > > When i install rpm, version is *upgraded to 7.64.0,* but it says > > > > > > > > > > *Gnutls*, > > > > > > > > > > > instead of* Open ssl* > > > > > > > > > > You should have `BuildRequires: openssl-devel` in the spec file to > > > > > make > > > > > sure > > > > > that the build environment of OpenSSL is available while running > the > > > > > build. > > > > > > > > I added BuildRequires: openssl-devel` this but then also after > > > > installing > > > > rpm its using gnutls. > > > > > > `BuildRequires: openssl-devel` just makes rpmbuild check whether > > > openssl-devel > > > is installed _before_ the build starts. It does not affect the build > > > itself. > > > > > > > According to > > > > https://curl.haxx.se/docs/install.html > > > > It should auto take openssl if nothing is specified. "If you have > > > > OpenSSL > > > > installed in the default search path for your compiler/linker, you > don't > > > > need to do anything special". > > > > I have installed openssl and openssl-devel via yum install, so it > should > > > > > > be > > > > > > > in default paths. > > > > > > > > Note: Am generating rpm in one host and installing rpm in another > host. > > > > > > Is > > > > > > > there any thing else that i need to make sure so that its takes > openssl > > > > instead of gnutls. > > > > > > You need to check output of the `configure` script and possibly > config.log > > > to > > > figure out why openssl is not used. > > > > > > It is also possible that you have successfully built curl against > openssl > > > but > > > then you use a different curl executable or libcurl library than the > ones > > > that > > > you have built. > > > > > > After installing rpm when i check ssl-backends it says *openssl* (which > > > > is expected), but when i check curl --version it shows *GnuTLS/3.3.29* > > Could you please let me know why it shows different, > > > > --ssl-backends output the SSL backends libcurl was built to support > > > > /usr/share/applications/curl/bin > > The above location seems pretty non-standard and it violates FHS because > the > /usr/share directory is intended for architecture-independent data, which > curl > binary is definitely not: > > https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard > > > -sh-4.2$ ls > > curl curl-config > > -sh-4.2$ curl-config --version > > libcurl 7.64.0 > > *-sh-4.2$ curl-config --ssl-backends* > > *OpenSSL* > > > > > > *-sh-4.2$ curl --version* > > curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 *GnuTLS/3.3.29 > *zlib/1.2.7 > > Release-Date: 2019-02-06 > > First you need to check: > > 1. which executables (absolute paths) you are running and why > > 2. which libraries they load at run-time and why > > I am afraid that both the questions are out of scope of this mailing-list. > > You should seek advice on appropriate channels. > Thank you for the assistance and guidance. looks like rpm, is working. > > Kamil > > > --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: create rpm for libcurl
On Wed, May 15, 2019 at 5:49 PM Kamil Dudka wrote: > On Wednesday, May 15, 2019 1:26:29 PM CEST surya chandrika wrote: > > On Mon, May 13, 2019 at 1:49 PM Kamil Dudka wrote: > > > On Sunday, May 12, 2019 7:45:28 PM CEST surya chandrika via > curl-library > > > > > > wrote: > > > > On Fri, May 10, 2019 at 7:11 PM Kamil Dudka > wrote: > > > > > On Friday, May 10, 2019 3:00:46 PM CEST surya chandrika via > > > > > > curl-library > > > > > > > > wrote: > > > > > > Hi All, > > > > > > > > > > > > Am trying to create rpm for libcurl version 7.64.0 using rpm > build. > > > > > > Am trying to write SPEC file for the same. > > > > > > > > > > Why do not you use an existing SPEC file to begin with? > > > > > > > > > > https://src.fedoraproject.org/rpms/curl/blob/f30/f/curl.spec > > > > > > > > *Do we have similar spec file for Centos Linux for version > 7.64* > > > > > > Not that I know of. But you can try to update the current CentOS 7 > spec > > > file: > > > > > > https://git.centos.org/rpms/curl/blob/f0f8d7eb/f/SPECS/curl.spec > > > > I created a sample spec file and generated the rpms. Even though i have > > mentioned > > %build > > export PREFIX=%{_prefix} > > ./configure \ > > --prefix="$PREFIX" \ > >* --with-ssl* > > Why do not you use the %configure macro as in the mentioned spec file? > It should take care of setting all the prefixes. > > > When i install rpm, version is *upgraded to 7.64.0,* but it says > *Gnutls*, > > instead of* Open ssl* > > You should have `BuildRequires: openssl-devel` in the spec file to make > sure > that the build environment of OpenSSL is available while running the build. > I added BuildRequires: openssl-devel` this but then also after installing rpm its using gnutls. According to https://curl.haxx.se/docs/install.html It should auto take openssl if nothing is specified. "If you have OpenSSL installed in the default search path for your compiler/linker, you don't need to do anything special". I have installed openssl and openssl-devel via yum install, so it should be in default paths. Note: Am generating rpm in one host and installing rpm in another host. Is there any thing else that i need to make sure so that its takes openssl instead of gnutls. > > Kamil > > > [toa@localhost libcurl]$ curl --version > > curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 *GnuTLS/3.3.26 > zlib/1.2.7* > > Release-Date: 2019-02-06 > > > > When i *compiled from source* using same option , it shows open ssl . > > > > > -sh-4.2$ curl --version > > > > > > curl 7.43.0 (x86_64-redhat-linux-gnu) libcurl/7.64.0* OpenSS*L/1.0.2k > > > > > >> zlib/1.2.7 > > >> > > > Please review spec file. > > > > > > Surya > > > --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: php curl insecure connection option is skipped
I Ran the following -sh-4.2$ HOST=; echo | openssl s_client -servername $HOST -connect $HOST:443 2>/dev/null | openssl x509 -noout -checkhost $HOST unable to load certificate 139697300731712:error:0906D06C:PEM routines:PEM_read_bio:no start line:crypto/pem/pem_lib.c:691:Expecting: TRUSTED CERTIFICATE I added a self signed certificate for this host. Could that be a reason? On Wed, May 8, 2019 at 11:48 AM Ray Satiro via curl-library < curl-library@cool.haxx.se> wrote: > On 5/8/2019 12:32 AM, surya chandrika wrote: > > Disabling CURLOPT_SSL_VERIFYHOST worked. Yes as you said this is not > recommended. > But am not sure why certificate with correct hostname is not recognized > from uploaded certificate. > I added certificate in path "/etc/pki/ca-trust/source/anchors/ > In verbose mode it says it got 5 certificate > > * found 171 certificates in /etc/pki/tls/certs/ca-bundle.crt > * *found 5 certificates in /etc/pki/ca-trust/source/anchors/* > > *But throw error *SSL: certificate subject name (#1300) does not match > target host name 'abc.com > > Any idea why certificate is not recognized > > > If abc.com is a hostname in the certificate then you should not see that > message. Check if OpenSSL gives different results: > > (HOST=abc.com ; echo | openssl s_client -servername $HOST -connect > $HOST:443 2>/dev/null | openssl x509 -noout -checkhost $HOST) > > Instead of -checkhost $HOST you can use -text to dump the certificate > details. You should see the hostname in X509v3 Subject Alternative Name. > > --- > Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library > Etiquette: https://curl.haxx.se/mail/etiquette.html --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
create rpm for libcurl
Hi All, Am trying to create rpm for libcurl version 7.64.0 using rpm build. Am trying to write SPEC file for the same. Please let me know what would be the correct value for Group: License: section is spec file. Thanks Surya --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: create rpm for libcurl
On Mon, May 13, 2019 at 1:49 PM Kamil Dudka wrote: > On Sunday, May 12, 2019 7:45:28 PM CEST surya chandrika via curl-library > wrote: > > On Fri, May 10, 2019 at 7:11 PM Kamil Dudka wrote: > > > On Friday, May 10, 2019 3:00:46 PM CEST surya chandrika via > curl-library > > > > > > wrote: > > > > Hi All, > > > > > > > > Am trying to create rpm for libcurl version 7.64.0 using rpm build. > > > > Am trying to write SPEC file for the same. > > > > > > Why do not you use an existing SPEC file to begin with? > > > > > > https://src.fedoraproject.org/rpms/curl/blob/f30/f/curl.spec > > > > *Do we have similar spec file for Centos Linux for version 7.64* > > Not that I know of. But you can try to update the current CentOS 7 spec > file: > > https://git.centos.org/rpms/curl/blob/f0f8d7eb/f/SPECS/curl.spec I created a sample spec file and generated the rpms. Even though i have mentioned %build export PREFIX=%{_prefix} ./configure \ --prefix="$PREFIX" \ * --with-ssl* When i install rpm, version is *upgraded to 7.64.0,* but it says *Gnutls*, instead of* Open ssl* [toa@localhost libcurl]$ curl --version curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 *GnuTLS/3.3.26 zlib/1.2.7* Release-Date: 2019-02-06 When i *compiled from source* using same option , it shows open ssl . > > -sh-4.2$ curl --version > > curl 7.43.0 (x86_64-redhat-linux-gnu) libcurl/7.64.0* OpenSS*L/1.0.2k >> zlib/1.2.7 > > > Please review spec file. > Surya > > curl_ssl3.spec Description: Binary data --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: create rpm for libcurl
On Fri, May 10, 2019 at 7:11 PM Kamil Dudka wrote: > On Friday, May 10, 2019 3:00:46 PM CEST surya chandrika via curl-library > wrote: > > Hi All, > > > > Am trying to create rpm for libcurl version 7.64.0 using rpm build. > > Am trying to write SPEC file for the same. > > Why do not you use an existing SPEC file to begin with? > > https://src.fedoraproject.org/rpms/curl/blob/f30/f/curl.spec *Do we have similar spec file for Centos Linux for version 7.64* > > > > Please let me know what would be the correct value for > > > > Group: > > libcurl used to have Development/Libraries as Group in Fedora before > the Group tag was deprecated. > > > License: > > MIT > > > section is spec file. > > > > Thanks > > Surya > > > --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
php curl insecure connection option is skipped
Hi, There a php script which tries to push data to destination host . Looks like after curl update in-secure option is not working. a self sign certificate with CN as the destination host was copied to /etc/pki/ca-trust/source/anchors/ and ran update-ca-trust the following option is also set in script curl_setopt($this, CURLOPT_CAINFO, '/etc/pki/ca-trust/source/anchors/esn.crt'); curl_setopt($this->curl,CURLOPT_CAPATH,"/etc/pki/ca-trust/source/anchors/"); curl_setopt($this->curl, CURLOPT_SSL_VERIFYPEER, false); * Connected to abc.com (11.111.111.11) port 8443 (#0) * found 171 certificates in /etc/pki/tls/certs/ca-bundle.crt * *found 5 certificates in /etc/pki/ca-trust/source/anchors/* * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_256_CBC_SHA384 *server certificate verification SKIPPED *server certificate status verification SKIPPED * SSL: certificate subject name (#1300) does not match target host name ' abc.com ' * Closing connection 0 curl_version() output [version_number] => 475136 [age] => 4 [features] => 2671261 [ssl_version_number] => 0 [version] => 7.64.0 [host] => x86_64-pc-linux-gnu [ssl_version] => GnuTLS/3.3.8 [libz_version] => 1.2.7 -sh-4.2$ curl --version curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 GnuTLS/3.3.8 zlib/1.2.7 Regards, Surya --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: php curl insecure connection option is skipped
Hi, Disabling CURLOPT_SSL_VERIFYHOST worked. Yes as you said this is not recommended. But am not sure why certificate with correct hostname is not recognized from uploaded certificate. I added certificate in path "/etc/pki/ca-trust/source/anchors/ In verbose mode it says it got 5 certificate * found 171 certificates in /etc/pki/tls/certs/ca-bundle.crt * *found 5 certificates in /etc/pki/ca-trust/source/anchors/* *But throw error *SSL: certificate subject name (#1300) does not match target host name 'abc.com Any idea why certificate is not recognized On Wed, May 8, 2019 at 12:59 AM Ray Satiro via curl-library < curl-library@cool.haxx.se> wrote: > On 5/7/2019 1:14 PM, surya chandrika via curl-library wrote: > > There a php script which tries to push data to?? destination host?? . > Looks like after curl update in-secure option is not working. > a self sign certificate with CN as the destination host was copied to > /etc/pki/ca-trust/source/anchors/ > and ran update-ca-trust?? > > the following option is also set in script > > ?? curl_setopt($this, CURLOPT_CAINFO, > '/etc/pki/ca-trust/source/anchors/esn.crt'); > ?? ?? ?? ?? > curl_setopt($this->curl,CURLOPT_CAPATH,"/etc/pki/ca-trust/source/anchors/"); > ?? ?? ?? ?? curl_setopt($this->curl, CURLOPT_SSL_VERIFYPEER, false); > > > > * Connected to abc.com (11.111.111.11) port 8443 (#0) > * found 171 certificates in /etc/pki/tls/certs/ca-bundle.crt > * *found 5 certificates in /etc/pki/ca-trust/source/anchors/* > * ALPN, offering http/1.1 > * SSL connection using TLS1.2 / ECDHE_RSA_AES_256_CBC_SHA384 > *?? ?? ?? ?? server certificate verification SKIPPED > *?? ?? ?? ?? server certificate status verification SKIPPED > * SSL: certificate subject name (#1300) does not match target host name ' > abc.com?? ' > * Closing connection 0 > > > curl_version() output > ?? [version_number] => 475136 > ?? ?? [age] => 4 > ?? ?? [features] => 2671261 > ?? ?? [ssl_version_number] => 0 > ?? ?? [version] => 7.64.0 > ?? ?? [host] => x86_64-pc-linux-gnu > ?? ?? [ssl_version] => GnuTLS/3.3.8 > ?? ?? [libz_version] => 1.2.7 > > -sh-4.2$ curl --version > curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 GnuTLS/3.3.8 zlib/1.2.7 > > > The name verification is controlled separately, you can use > CURLOPT_SSL_VERIFYHOST [1] to disable it. However it's almost never right > to disable certificate checking to work around errors since it's a security > risk. The certificate the server gives you should be valid for the host. > > > [1]: https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html > > > --- > Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library > Etiquette: https://curl.haxx.se/mail/etiquette.html --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: Occasionally facing connection issues with NSS
Hi all, I just upgraded my system build curl with gnutls -sh-4.2$ curl --version curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 GnuTLS/3.3.8 zlib/1.2.7 Release-Date: 2019-02-06 After this upgrade connections were working fine after 2-3 successfull data transfer saw this issue. 2019-04-26 03:31:49.000|info |||0||Connected to slc13paj.us.oracle.com (10.247.117.30) port 443 (#0) || qwerty.cc:123 | 2019-04-26 03:31:49.000|info |||0||Initializing NSS with certpath: sql:/etc/pki/nssdb || qwerty.cc:123 | 2019-04-26 03:31:49.000|info |||0||Unable to initialize NSS database || qwerty.cc:123 | 2019-04-26 03:31:49.000|info |||0||Initializing NSS with certpath: none || qwerty.cc:123 | 2019-04-26 03:31:49.000|info |||0||Unable to initialize NSS || qwerty.cc:123 | 2019-04-26 03:31:49.000|info |||0||Closing connection 0 To solve this I followed some steps mentioned here: https://curl-library.cool.haxx.narkive.com/BtQZVKwO/libcurl-7-21-4-with-nss But then also am facing issues. now its crashing , looks like nss is totally corrupted. attaching backtrace: (gdb) bt #0 0x7f743eca5c20 in nssToken_GetDefaultSession () from /lib64/libnss3.so #1 0x7f743eca5445 in nssSlot_IsTokenPresent () from /lib64/libnss3.so #2 0x7f743ec8bf44 in pk11_IsPresentCertLoad () from /lib64/libnss3.so #3 0x7f743ec8c818 in PK11_GetAllTokens () from /lib64/libnss3.so #4 0x7f743ec8ccab in PK11_GetBestSlotMultipleWithAttributes () from /lib64/libnss3.so #5 0x7f743ec8cd1f in PK11_GetBestSlot () from /lib64/libnss3.so #6 0x7f743ec5c622 in SECKEY_CreateECPrivateKey () from /lib64/libnss3.so #7 0x7f743f1b6ae2 in ssl_CreateECDHEphemeralKeyPair () from /lib64/libssl3.so #8 0x7f743f1c1033 in ssl_CreateStaticECDHEKeyPair () from /lib64/libssl3.so #9 0x7f743e3d5c75 in PR_CallOnceWithArg () from /lib64/libnspr4.so #10 0x7f743f1c11b9 in ssl_FilterSupportedGroups () from /lib64/libssl3.so #11 0x7f743f195353 in ssl3_config_match_init () from /lib64/libssl3.so #12 0x7f743f19a2fc in ssl3_SendClientHello () from /lib64/libssl3.so #13 0x7f743f1a4beb in ssl_BeginClientHandshake () from /lib64/libssl3.so #14 0x7f743f1aabd2 in ssl_Do1stHandshake () from /lib64/libssl3.so #15 0x7f743f1ab03f in SSL_ForceHandshake () from /lib64/libssl3.so #16 0x7f744774fced in nss_do_connect (sockindex=0, conn=0x7f740c01b220) at vtls/nss.c:1825 #17 nss_connect_common (conn=conn@entry=0x7f740c01b220, sockindex=sockindex@entry=0, done=done@entry=0x7f74206f7c29) at vtls/nss.c:1897 #18 0x7f7447751375 in Curl_nss_connect_nonblocking (conn=conn@entry =0x7f740c01b220, sockindex=sockindex@entry=0, done=done@entry=0x7f74206f7c29) at vtls/nss.c:1938 #19 0x7f744774e20e in Curl_ssl_connect_nonblocking (conn=conn@entry =0x7f740c01b220, sockindex=sockindex@entry=0, done=done@entry=0x7f74206f7c29) at vtls/vtls.c:322 #20 0x7f744770953d in https_connecting (done=0x7f74206f7c29, conn=0x7f740c01b220) at http.c:1403 #21 Curl_http_connect (conn=0x7f740c01b220, done=0x7f74206f7c29) at http.c:1373 #22 0x7f74477199f5 in Curl_protocol_connect (conn=0x7f740c01b220, protocol_done=protocol_done@entry=0x7f74206f7c29) at url.c:3605 #23 0x7f744772d1ee in multi_runsingle (multi=multi@entry=0x7f740c0008c0, now=..., data=data@entry=0x7f740d41e1c0) at multi.c:1236 ---Type to continue, or q to quit--- #24 0x7f744772dc11 in curl_multi_perform (multi_handle=0x7f740c0008c0, running_handles=0x7f74206f7d20) at multi.c:1793 #25 0x0052aab5 in General::qwer::qwww( this=this@entry=0x7f74206f80e0, finished_queries=empty std::list) at qwww #26 0x004339cd in dfgh::aaddd(this=0xae35a0) at q #27 0x00512599 in g::gg(arg=0xae35a0) at w #28 0x7f7440a35dc5 in start_thread () from /lib64/libpthread.so.0 #29 0x7f744076476d in clone () from /lib64/libc.so.6 On Fri, Apr 26, 2019 at 4:00 PM Kamil Dudka wrote: > On Friday, April 26, 2019 7:08:52 AM CEST surya chandrika via curl-library > wrote: > > I am occasionally seeing "Unable to initialize NSS database" log during > my > > curl call initialization from my CPP module using libcurl and at that > time, > > my curl calls are not working. > > *Note:* only at certain times , else is works properly without any > changes > > in system > > > > Please find the logs in working case and not working case below, if you > see > > the timestamp its just the next call:- > > The verbose output does not include any information about the reason why > NSS > failed to initialize. Could you please rebuild libcurl with the following > patch and capture the verbose output again? > > https://github.com/curl/curl/pull/3808/files > > Note that there is no vtls/ subdirectory in the source tree of curl-7.29 > but > if you just remove that substring from the patch, it applies fine on the > el7 > source code. &g
Re: Occasionally facing connection issues with NSS
The verbose output does not include any information about the reason why NSS failed to initialize. Could you please rebuild libcurl with the following patch and capture the verbose output again? https://github.com/curl/curl/pull/3808/files Yes - i will try this , Thanks On Fri, Apr 26, 2019 at 4:00 PM Kamil Dudka wrote: > On Friday, April 26, 2019 7:08:52 AM CEST surya chandrika via curl-library > wrote: > > I am occasionally seeing "Unable to initialize NSS database" log during > my > > curl call initialization from my CPP module using libcurl and at that > time, > > my curl calls are not working. > > *Note:* only at certain times , else is works properly without any > changes > > in system > > > > Please find the logs in working case and not working case below, if you > see > > the timestamp its just the next call:- > > The verbose output does not include any information about the reason why > NSS > failed to initialize. Could you please rebuild libcurl with the following > patch and capture the verbose output again? > > https://github.com/curl/curl/pull/3808/files > > Note that there is no vtls/ subdirectory in the source tree of curl-7.29 > but > if you just remove that substring from the patch, it applies fine on the > el7 > source code. > > Kamil > > > --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: Occasionally facing connection issues with NSS
Please find the logs after patch: 019-04-26 04:57:09.000|info |||0||Initializing NSS with certpath: sql:/etc/pki/nssdb ||qwerty.cc:123| 2019-04-26 04:57:10.000|info |||0||NSS error -8127 (SEC_ERROR_NO_TOKEN) ||qwerty.cc:123| 2019-04-26 04:57:10.000|info |||0||The security card or token does not exist, needs to be initialized, or has been removed. ||qwerty.cc:123| 2019-04-26 04:57:10.000|info |||0||Closing connection 0 ||qwerty.cc:123| 2019-04-26 04:57:10.000|info |||0||Hostname was found in DNS cache ||qwerty.cc:123| 2019-04-26 04:57:10.000|info |||0|| Trying 11.111.111.11... ||qwerty.cc:123 2019-04-26 04:57:10.000|info |||0||Connected to (11.111.111.11) port 443 (#1) ||qwerty.cc:123| 2019-04-26 04:57:10.000|info |||0||Initializing NSS with certpath: sql:/etc/pki/nssdb ||qwerty.cc:123| 2019-04-26 04:57:10.000|info |||0||skipping SSL peer certificate verification ||qwerty.cc:123| 2019-04-26 04:57:10.000|info |||0||ALPN/NPN, server did not agree to a protocol ||qwerty.cc:123| 2019-04-26 04:57:10.000|info |||0||SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 *After this few data transfer was success and then it started continuously failing with below logs:* 2019-04-26 05:02:20.000|info |||0||Hostname was found in DNS cache ||qwerty.cc:123| 2019-04-26 05:02:20.000|info |||0|| Trying 11.111.111.11... ||qwerty.cc:123| 2019-04-26 05:02:20.000|info |||0||Connected to (11.111.111.11) port 443 (#1) ||qwerty.cc:123| 2019-04-26 05:02:20.000|info |||0||Initializing NSS with certpath: sql:/etc/pki/nssdb ||qwerty.cc:123| 2019-04-26 05:02:20.000|info |||0||Unable to initialize NSS database ||qwerty.cc:123| 2019-04-26 05:02:20.000|info |||0||Initializing NSS with certpath: none ||qwerty.cc:123| 2019-04-26 05:02:20.000|info |||0||Unable to initialize NSS On Fri, Apr 26, 2019 at 5:19 PM surya chandrika wrote: > The verbose output does not include any information about the reason why > NSS > failed to initialize. Could you please rebuild libcurl with the following > patch and capture the verbose output again? > > https://github.com/curl/curl/pull/3808/files > > Yes - i will try this , Thanks > > On Fri, Apr 26, 2019 at 4:00 PM Kamil Dudka wrote: > >> On Friday, April 26, 2019 7:08:52 AM CEST surya chandrika via >> curl-library >> wrote: >> > I am occasionally seeing "Unable to initialize NSS database" log during >> my >> > curl call initialization from my CPP module using libcurl and at that >> time, >> > my curl calls are not working. >> > *Note:* only at certain times , else is works properly without any >> changes >> > in system >> > >> > Please find the logs in working case and not working case below, if you >> see >> > the timestamp its just the next call:- >> >> The verbose output does not include any information about the reason why >> NSS >> failed to initialize. Could you please rebuild libcurl with the >> following >> patch and capture the verbose output again? >> >> https://github.com/curl/curl/pull/3808/files >> >> Note that there is no vtls/ subdirectory in the source tree of curl-7.29 >> but >> if you just remove that substring from the patch, it applies fine on the >> el7 >> source code. >> >> Kamil >> >> >> --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Occasionally facing connection issues with NSS
I am occasionally seeing "Unable to initialize NSS database" log during my curl call initialization from my CPP module using libcurl and at that time, my curl calls are not working. *Note:* only at certain times , else is works properly without any changes in system Please find the logs in working case and not working case below, if you see the timestamp its just the next call:- Working case -- 2019-03-17 13:04:29.000|info |||0||About to connect() to xxx.xxx.com port 443 (#621) ||qwerty.cc:123| 2019-03-17 13:04:29.000|info |||0|| Trying xxx.yyy.zzz.aaa... || qwerty.cc:123 | 2019-03-17 13:04:29.000|info |||0||Connected to xxx.xxx.com ( xxx.yyy.zzz.aaa ) port 443 (#621) || qwerty.cc:123 | 2019-03-17 13:04:29.000|info |||0||skipping SSL peer certificate verification || qwerty.cc:123 | 2019-03-17 13:04:29.000|info |||0||Server certificate: || qwerty.cc:123 | 2019-03-17 13:04:29.000|info |||0||HTTP/1.1 200 OK Not Working case --- 2019-03-17 13:04:30.000|info |||0||About to connect() to xxx.xxx.com port 443 (#622) || qwerty.cc:123 | 2019-03-17 13:04:30.000|info |||0|| Trying xxx.yyy.zzz.aaa ... || qwerty.cc:123 | 2019-03-17 13:04:30.000|info |||0||Connected to xxx.xxx.com ( xxx.yyy.zzz.aaa ) port 443 (#622) || qwerty.cc:123 | 2019-03-17 13:04:30.000|info |||0||Initializing NSS with certpath: sql:/etc/pki/nssdb || qwerty.cc:123 | 2019-03-17 13:04:30.000|info |||0||Unable to initialize NSS database || qwerty.cc:123 | 2019-03-17 13:04:30.000|info |||0||Initializing NSS with certpath: none || qwerty.cc:123 | 2019-03-17 13:04:30.000|info |||0||Unable to initialize NSS || qwerty.cc:123 | 2019-03-17 13:04:30.000|info |||0||Closing connection 622 || qwerty.cc:123 | And the curl -V details is:- $ curl -V curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.34 zlib/1.2.7 libidn/1.28 libssh2/1.4.3 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz Can you please help me to find out the reason for this behavior? --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html