curl / Mailing Lists / curl-library / Single Mail


SSL error when using libcurl with fork in child and parent

From: joseph galois via curl-library <>
Date: Thu, 15 Jun 2017 15:25:20 +0200


I have a process (let’s call it parent) that needs to use libcurl for logging. This process forks to spawn many children that also need to use libcurl for logging. After many tests, I cannot find a way of having libcurl working properly on both parent and children at the same time. Details below:

The parent executes basing on this code scheme (just pseudocode for simplicity):
curl_global_init (CURL_GLOBAL_ALL);
fork(); //spawn a child
fork(); //spawn a child

Children, in turn, do this:
curl_global_cleanup (); //Critical line, see explanations below
curl_global_init (CURL_GLOBAL_ALL);
Both parent and children have log() defined using this scheme:

void function log(...){
        curl_easy_setopt (curl, CURLOPT_URL, url.c_str () );
        curl_easy_setopt (curl, CURLOPT_NOPROGRESS, 1L);
        curl_easy_setopt (curl, CURLOPT_POSTFIELDS, payload );
        curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, handler);
        curl_easy_setopt (curl, CURLOPT_WRITEDATA, userdata);
        curl_easy_perform (curl);
        curl_easy_cleanup (curl);

Based on this, I find the following:
If the child does not perform curl_global_cleanup then, I get a "SSL Connect error” every time I log() on both parent and child and my logging stops working at all.
If the child does perform curl_global_cleanup, then the child log() fails with the following traces:
==> Info: Initializing NSS with certpath: sql:/etc/pki/nssdb
==> Info: Unable to initialize NSS database
==> Info: Initializing NSS with certpath: none
==> Info: Unable to initialize NSS
Error: Problem with the SSL CA cert (path? access rights?)
In this case, parent log seems to continue working

I have found some related posts like these:

But the solutions proposed there require curl not to be available at the parent at all, or not to be available on it after the fork. Unfortunately I need the parent to log both before and after the fork.

I’m also aware that the problem is somehow related to the fact I’m using nss, because with gnutls the problem does not seem to emerge. Unfortunately again, nss is a must in my stack.

Then, the questions is: Is there a way to instruct libcurl so that I can use it safely at both parent and children with nss?

Details on my setup are the following:

CentOS 6 (Red Hat 4.8.3-9)

curl 7.51.0 (x86_64-redhat-linux-gnu) libcurl/7.51.0 NSS/3.21.3 Basic ECC zlib/1.2.8 libidn2/0.16 libpsl/0.6.2 (+libicu/50.1.2) libssh2/1.4.2
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets PSL

Thanks in advance.


Received on 2017-06-15