curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Issues implementing an async certificate validation engine

From: Valerio Di Gregorio \(vadigreg\) via curl-users <>
Date: Tue, 11 Feb 2020 16:28:00 +0000

This is my first post here, I need some help with certificate validation. I used curl multi interface and CURLOPT_SSL_CTX_FUNCTION so that I can use SSL_CTX_set_cert_verify_callback() and SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ASYNC) to provide my own implementation of an async certificate validation engine. Such implementation uses IPCs to delegate certificate validation to another process. The idea is (pseudo code follows):

// this happens in process #1 in my_cert_verify_callback()
ctx = OPENSSL_malloc(sizeof(my_async_engine_ctx_t));
ctx->job = ASYNC_get_current_job()
ctx->wait_ctx = ASYNC_get_wait_ctx(job)
ASYNC_WAIT_CTX_set_wait_fd(ctx->wait_ctx, ctx, ctx->fds[0], ctx, my_async_engine_cleanup_cb);

async_validation_request(ctx->fds[1], cert, cert_len); // this requests cert validation to process #2 via IPC


read(ctx->fds[0], &validation_result, sizeof(validation_result));

For simplicity I omitted error checks (in my runs I have no error in any of the mentioned functions). When async response comes in, via IPC, what I do is:

// this happens in process #1
write(write_fd, &status, sizeof(status)); // I verified write_fd == ctx->fds[1]

I see 2 different issues with this:

  1. ASYNC_pause_job() can wake up before write(). It will then block on the read(), which is too bad in my single-threaded code.
  2. I fixed case 1 by making read() non-blocking, I then run ASYNC_pause_job() again and again until write() is actually performed. So now I hit another issue. Time between printf("pause") and write() is ~100/200 milliseconds. However time between write() and printf("resume") is usually ~4.5 seconds and this way too much.

Is there a reliable way (only when data is really ready) and a prompt way (in order of micro/milli-seconds) to wake up from ASYNC_pause_job()?

Many thanks, any help would be much appreciated.

Kind Regards,
Valerio Di Gregorio

Received on 2020-02-11