curl-and-php

RE: PHP/CURL SSL_ERROR_MD5_DIGEST_FAILURE during forking

From: Ben Wallach <benwallach_at_comcast.net>
Date: Thu, 12 Mar 2009 17:55:43 -0500

Thanks for your feedback.

Indeed it looks like something with either NSS or libcurl usage of NSS.

I came across the following blurb:

"...If your script forks after it has done initialization and you try to
open a outgoing socket, ie. one that connects to a remote host, you'll get
failures like "-12215 MD5 digest function failed".

This is not a bug in this module and is a recent fix in the underlying NSS
library. The PKCS#11 standard says that after a fork all PKCS#11 modules
must be reinitialized again. So if you want to fork, make sure you don't
initialize NSS in the parent process...."

and some more related content:
https://bugzilla.mozilla.org/show_bug.cgi?id=331096
https://bugzilla.redhat.com/show_bug.cgi?id=444348

Not sure if any of this is relevant to my situation, but sure looks
suspicious.

-----Original Message-----
From: curl-and-php-bounces_at_cool.haxx.se
[mailto:curl-and-php-bounces_at_cool.haxx.se] On Behalf Of Daniel Stenberg
Sent: Thursday, March 12, 2009 4:21 PM
To: curl with PHP
Subject: Re: PHP/CURL SSL_ERROR_MD5_DIGEST_FAILURE during forking

On Thu, 12 Mar 2009, Ben Wallach wrote:

> I recently upgraded to Linux Fedora-10 (from FC5). I have php code (in
> client mode) that forks processes fairly heavily. Within each process
> https curl calls are made. On previous system everything worked fine. On
> new system, some of the curl connections are successful, but others yield
> a curl error 35 (SSL Connect Error). After turning on verbosity,
> additional info revealed an "NSS -12215" error. According to Mozilla.org,
> this is an SSL_ERROR_MD5_DIGEST_FAILURE error (MD5 digest function
> failed).
>
> Anybody have any insights into this?

A noticeable difference between the working and the non-working systems, is
the change of SSL library from OpenSSL to NSS.

I think that if you can provide a curl command line against a public URL
that reproduces this or a similar problem, it'd be a great way to start
debugging this.

A fair test would also be to rebuild the modern libcurl with a recent
OpenSSL and see if that fixes the problems or not, as then we know if NSS is
to blame or if libcurl is!

-- 
  / daniel.haxx.se
_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2009-03-13
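
Added example, not part of the thread and not code from either poster: a small PHP CLI harness to check whether the fork-after-initialization behaviour in the quoted blurb matches the symptom, by comparing children forked before and after the parent has done a TLS transfer. The URL, worker count and function names are assumptions; it needs the pcntl and curl extensions.

```php
<?php
// Added diagnostic sketch. $url is a placeholder; pass your own as argv[1].
$url     = $argv[1] ?? 'https://example.com/';
$workers = 8; // constructed value

// One HTTPS HEAD request; returns [curl errno, curl error text].
function fetch(string $url): array {
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_NOBODY         => true,
        CURLOPT_TIMEOUT        => 15,
    ]);
    curl_exec($ch);
    $result = [curl_errno($ch), curl_error($ch)];
    curl_close($ch);
    return $result;
}

// Fork $workers children, each doing one fetch; return how many failed.
function run_children(string $url, int $workers): int {
    $pids = [];
    for ($i = 0; $i < $workers; $i++) {
        $pid = pcntl_fork();
        if ($pid === -1) { fwrite(STDERR, "fork failed\n"); break; }
        if ($pid === 0) { // child: report the curl error code, e.g. 35
            [$errno, $msg] = fetch($url);
            if ($errno !== 0) fwrite(STDERR, getmypid() . ": curl error $errno: $msg\n");
            exit($errno === 0 ? 0 : 1);
        }
        $pids[] = $pid;
    }
    $failed = 0;
    foreach ($pids as $pid) {
        pcntl_waitpid($pid, $status);
        if (!pcntl_wifexited($status) || pcntl_wexitstatus($status) !== 0) $failed++;
    }
    return $failed;
}

echo "TLS backend: ", curl_version()['ssl_version'], "\n";
echo "A (parent made no TLS connection before fork): ", run_children($url, $workers), " failed\n";
fetch($url); // parent completes a TLS handshake, so its TLS library state now exists pre-fork
echo "B (parent made a TLS connection, then forked): ", run_children($url, $workers), " failed\n";
```

If failures show up only in run B, the script's structure (TLS use in the parent before forking) is the thing to change; if they show up in both, the cause lies elsewhere.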