Download
Browse source Changelog
Documentation
Project   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Book: Everything curl Report a bug Mail Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

connecting to multiple hosts (who have the same identical SSL cert) simultaneously using libcurl multi interface

From: Russell Cote via curl-library <curl-library_at_cool.haxx.se>
Date: Mon, 14 Aug 2017 10:15:12 -0600

Let me first point out that I have a stupid problem but a problem none the
less that I'm hoping someone can recommend a work around for.

I have several embedded systems that share the same SSL cert (baked in the
image) that I'm trying to connect to simultaneously using libcurl's multi
interface. The problem that I'm experiencing is that I'm only able to
connect to one of these embedded hosts at a time otherwise I get the
following error (35, 'You are attempting to import a cert with the same
issuer/serial as an existing cert, but that is not the same cert.') when I
connect to more than one host at a time.

I've configured libcurl with CURLOPT_SSL_VERIFYPEER = 0 &
CURLOPT_SSL_VERIFYHOST = 0 in hopes that the cert duplication will be
ignored but I still encounter the above error. I believe this error is
being generated by NSS and not libcurl.

The libcurl info for the Centos 7 box that I using to connect to the
embedded hosts:
CentOS Linux release 7.3.1611 (Core)
libcurl.x86_64 7.29.0-35.el7.centos installed

libcurl-devel.x86_64 7.29.0-35.el7.centos @bb-c7-base_2017_05_02_02_37
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.21 Basic ECC
zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3
pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz
unix-sockets

My searching of the internet on this issue did not yield much help other
than some hints to potentially use a newer version of libcurl compiled with
openssl instead of NSS but my concern with this route is that I'll break
Centos' other packages and tools by changing the libcurl ssl library.

Ideally, I would load a new SSL cert onto the embedded hosts but that's a
long term solution but I'm hoping someone has some short term that I can
work around this issue with.

Thank you,
Russell

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-08-14