curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Curl and SSL in an IMB's OnDemand environment

From: Michael Rellstab via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 10 Sep 2019 15:14:14 +0000

Hi there!

Since several days I'm trying out to get my project to work, but I don't have any success.
Giving a short overview:
I have to implement a UserExit (callback routine) for the IBM's OnDemand Software. Inside this UserExit I'm using CURL (linked as shared library).
This works perfectly as long as I don't use an SSL secured communication. As soon as I activate SSL (TLS1.2), there is no communication anymore.

I'm running on a CentOS with the NSS SSL framework compiled into CURL. When I use my UserExit without OnDemand (using the same source code, but executed by my main function),
CURL runs together with NSS without any problems. As soon as my code runs in the context of OnDemand, SSL is not working anymore. I expect, this has to do with IBM's OnDemand, because they are using their GsKit as SSL framework.

As you can see on my log output:

2019-09-10 15:11:07 DEBUG CURL version:7.29.0
2019-09-10 15:11:07 DEBUG CURL host:x86_64-redhat-linux-gnu
2019-09-10 15:11:07 DEBUG CURL features:886BD
2019-09-10 15:11:07 DEBUG CURL ssl version:NSS/3.34
2019-09-10 15:11:07 DEBUG Successfully initialized Environment
2019-09-10 15:11:07 DEBUG Try to authenticate user 'nonadmin' by external authentication server
2019-09-10 15:11:07 DEBUG == Info: Trying 192.168.27.108...
2019-09-10 15:11:07 DEBUG == Info: Connected to 192.168.27.108 (192.168.27.108) port 8443 (#0)
2019-09-10 15:11:07 DEBUG == Info: Curl_gskit_connect_nonblocking in
2019-09-10 15:11:07 DEBUG == Info: curl_gskit_connect in fd=34
2019-09-10 15:11:07 DEBUG == Info: curl_gskit_connect after init 35 1
2019-09-10 15:11:07 DEBUG == Info: curl_gskit_connect out 35 1
2019-09-10 15:11:07 DEBUG == Info: Curl_gskit_connect_nonblocking out 35 0
2019-09-10 15:11:07 DEBUG == Info: Closing connection 0
2019-09-10 15:11:07 DEBUG == Info: Curl_gskit_close in
2019-09-10 15:11:07 DEBUG == Info: Curl_gskit_close out
2019-09-10 15:11:07 DEBUG == Info: Curl_gskit_close in
2019-09-10 15:11:07 DEBUG == Info: Curl_gskit_close out
2019-09-10 15:11:07 DEBUG == Info: Curl_gskit_close in
2019-09-10 15:11:07 DEBUG == Info: Curl_gskit_close out
2019-09-10 15:11:07 ERROR Internal CURL call failed, CURLcode=35, CURLmsg=


Although my CURL is compiled against NSS (default CentOS package), it seems CURL tries to use gskit for connecting.
How can I force CURL to use NSS instead of gskit? I'm really not a professional and have too less knowledge about all this shared libraries, linking and the process context.

I would be really happy, if someone has an idea how to fix this issue or getting closer to the problem. If you need more information, just ask what you need to know
and I will try to give you as much detail as I can.

Thanks very much in advance!
Regards, Michael

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-09-10