Hi,

I have hit a problem with the NSS TLS backend when used from multiple
threads concurrently. A test case is attached.

Briefly, a number of threads try to request an https URL each, at nearly
the same time. Sometimes it works, but every few runs[1] it produces
the error message:

    error 77: Problem with the SSL CA cert (path? access rights?)

I have traced the problem to this line in nss_create_object():

    slot = PK11_FindSlotByName(slot_name);

If I serialise the call then the error does not (seem to) occur,
e.g. arbitrarily using nss_crllock:

    PR_Lock(nss_crllock);
    slot = PK11_FindSlotByName(slot_name);
    PR_Unlock(nss_crllock);

I had a look at PK11_FindSlotByName() but I don't know what it's supposed
to be doing. Any help would be appreciated.

Peter

[1] The test system is a CentOS 7 VM with 4 cores. I used the system
libcurl (7.29.0) and also the latest release libcurl/7.50.1, both with
the system supplied NSS (3.21).

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html