Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Issues implementing an async certificate validation engine

From: Valerio Di Gregorio \(vadigreg\) via curl-users <curl-users_at_cool.haxx.se>
Date: Tue, 11 Feb 2020 16:28:00 +0000

Hello,
This is my first post here, I need some help with certificate validation. I used curl multi interface and CURLOPT_SSL_CTX_FUNCTION so that I can use SSL_CTX_set_cert_verify_callback() and SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ASYNC) to provide my own implementation of an async certificate validation engine. Such implementation uses IPCs to delegate certificate validation to another process. The idea is (pseudo code follows):

// this happens in process #1 in my_cert_verify_callback()
ctx = OPENSSL_malloc(sizeof(my_async_engine_ctx_t));
ctx->job = ASYNC_get_current_job()
ctx->wait_ctx = ASYNC_get_wait_ctx(job)
pipe(ctx->fds);
ASYNC_WAIT_CTX_set_wait_fd(ctx->wait_ctx, ctx, ctx->fds[0], ctx, my_async_engine_cleanup_cb);

async_validation_request(ctx->fds[1], cert, cert_len); // this requests cert validation to process #2 via IPC

printf("pause")
ASYNC_pause_job();
printf("resume")

read(ctx->fds[0], &validation_result, sizeof(validation_result));

For simplicity I omitted error checks (in my runs I have no error in any of the mentioned functions). When async response comes in, via IPC, what I do is:

// this happens in process #1
write(write_fd, &status, sizeof(status)); // I verified write_fd == ctx->fds[1]

I see 2 different issues with this:

  1. ASYNC_pause_job() can wake up before write(). It will then block on the read(), which is too bad in my single-threaded code.
  2. I fixed case 1 by making read() non-blocking, I then run ASYNC_pause_job() again and again until write() is actually performed. So now I hit another issue. Time between printf("pause") and write() is ~100/200 milliseconds. However time between write() and printf("resume") is usually ~4.5 seconds and this way too much.

Is there a reliable way (only when data is really ready) and a prompt way (in order of micro/milli-seconds) to wake up from ASYNC_pause_job()?

Many thanks, any help would be much appreciated.

Kind Regards,
Valerio Di Gregorio

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-02-11