curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Issues implementing an async certificate validation engine

From: Valerio Di Gregorio \(vadigreg\) via curl-library <>
Date: Tue, 11 Feb 2020 17:17:26 +0000

This is my first post here, I need some help with certificate validation. I used curl multi interface and CURLOPT_SSL_CTX_FUNCTION so that I can use SSL_CTX_set_cert_verify_callback() and SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ASYNC) to provide my own implementation of an async certificate validation engine. Such implementation uses IPCs to delegate certificate validation to another process. The idea is (pseudo code follows):

// this happens in process #1 in my_cert_verify_callback()
pipe_read_fd, pipe_write_fd = create_pipe_for_validation_result();
async_validation_request(pipe_write_fd, cert, cert_len); // this requests cert validation to process #2 via IPC
read(pipe_read_fd, &validation_result, sizeof(validation_result));

When async response comes in, via IPC, what I do is:

// this happens in process #1
write(pipe_write_fd, &status, sizeof(status));

I see 2 different issues with this:

  1. ASYNC_pause_job() can wake up before write(). It will then block on the read(), which is too bad in my single-threaded code.
  2. I fixed case 1 by making read() non-blocking, I then run ASYNC_pause_job() again and again until write() is actually performed. So now I hit another issue. Time between printf("pause") and write() is ~100/200 milliseconds. However time between write() and printf("resume") is usually ~4.5 seconds and this way too much.

My understanding is that ASYNC_start_job() has to be called again by libcurl to resume the async job. This generally happen in SSL I/O calls like SSL_Read/Write. Matt from OpenSSL mailing-list told me: "When your application knows that the callback is ready to continue it must ensure that whatever OpenSSL I/O operation was in progress prior to the pause is then invoked again.". Do you know of any libcurl function I can call to resume the SSL async job?
Many thanks, any help would be much appreciated.

Kind Regards,
Valerio Di Gregorio

Received on 2020-02-11