curl / Mailing Lists / curl-library / Single Mail


connecting to multiple hosts (who have the same identical SSL cert) simultaneously using libcurl multi interface

From: Russell Cote via curl-library <>
Date: Mon, 14 Aug 2017 10:15:12 -0600

Let me first point out that I have a stupid problem but a problem none the
less that I'm hoping someone can recommend a work around for.

I have several embedded systems that share the same SSL cert (baked in the
image) that I'm trying to connect to simultaneously using libcurl's multi
interface. The problem that I'm experiencing is that I'm only able to
connect to one of these embedded hosts at a time otherwise I get the
following error (35, 'You are attempting to import a cert with the same
issuer/serial as an existing cert, but that is not the same cert.') when I
connect to more than one host at a time.

I've configured libcurl with CURLOPT_SSL_VERIFYPEER = 0 &
CURLOPT_SSL_VERIFYHOST = 0 in hopes that the cert duplication will be
ignored but I still encounter the above error. I believe this error is
being generated by NSS and not libcurl.

The libcurl info for the Centos 7 box that I using to connect to the
embedded hosts:
CentOS Linux release 7.3.1611 (Core)
libcurl.x86_64 7.29.0-35.el7.centos installed

libcurl-devel.x86_64 7.29.0-35.el7.centos @bb-c7-base_2017_05_02_02_37
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.21 Basic ECC
zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3
pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz

My searching of the internet on this issue did not yield much help other
than some hints to potentially use a newer version of libcurl compiled with
openssl instead of NSS but my concern with this route is that I'll break
Centos' other packages and tools by changing the libcurl ssl library.

Ideally, I would load a new SSL cert onto the embedded hosts but that's a
long term solution but I'm hoping someone has some short term that I can
work around this issue with.

Thank you,

Received on 2017-08-14