Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Curl and SSL in an IMB's OnDemand environment

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 10 Sep 2019 17:38:53 +0200 (CEST)

On Tue, 10 Sep 2019, Michael Rellstab via curl-library wrote:

> Since several days I'm trying out to get my project to work, but I don't
> have any success. Giving a short overview: I have to implement a UserExit
> (callback routine) for the IBM's OnDemand Software. Inside this UserExit I'm
> using CURL (linked as shared library). This works perfectly as long as I
> don't use an SSL secured communication. As soon as I activate SSL (TLS1.2),
> there is no communication anymore.

This seems to assume a few things that you didn't explain.

This "OnDemand Software" calls the callback you write. How is that using
libcurl? Is this software linked with libcurl already so you're just calling
the libcurl API from within this callback?

> I'm running on a CentOS with the NSS SSL framework compiled into CURL. When
> I use my UserExit without OnDemand (using the same source code, but executed
> by my main function), CURL runs together with NSS without any problems. As
> soon as my code runs in the context of OnDemand, SSL is not working anymore.
> I expect, this has to do with IBM's OnDemand, because they are using their
> GsKit as SSL framework.

If you're using libcurl the same way but it behaves differently depending on
which TLS backend that runs, then I think we can focus on the differences in
the TLS backends.

The gskit code in curl is virtually unmaintained and it is likely to be the
worst TLS choice of all the TLS backends libcurl supports. gskit is also not
available for me to use so I can't test or improve it either.

> 2019-09-10 15:11:07 DEBUG CURL version:7.29.0

Can I also highlight that this is a *very* old curl version.

> I would be really happy, if someone has an idea how to fix this issue or
> getting closer to the problem. If you need more information, just ask what
> you need to know and I will try to give you as much detail as I can.

I'd urge you to contact the OnDmeand support as they are the ones providing
this API for you. And they provide a libcurl built with gskit for you.
Alternatively, ask the gskit team how you can debug your gskit-using
libcurl-omdemand application and its TLS connections. I don't see how we can
help with that! 

-- 
  / daniel.haxx.se | Get the best commercial curl support there is - from me
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2019-09-10