Download
Browse source Changelog
Documentation
Project   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: Occasionally facing connection issues with NSS

From: surya chandrika via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 26 Apr 2019 17:15:49 +0530

Hi all,

I just upgraded my system

build curl with gnutls
-sh-4.2$ curl --version
curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 GnuTLS/3.3.8 zlib/1.2.7
Release-Date: 2019-02-06

After this upgrade connections were working fine after 2-3 successfull data
transfer saw this issue.

2019-04-26 03:31:49.000|info |||0||Connected to slc13paj.us.oracle.com
(10.247.117.30) port 443 (#0)
|| qwerty.cc:123 |
2019-04-26 03:31:49.000|info |||0||Initializing NSS with certpath:
sql:/etc/pki/nssdb
|| qwerty.cc:123 |
2019-04-26 03:31:49.000|info |||0||Unable to initialize NSS database
|| qwerty.cc:123 |
2019-04-26 03:31:49.000|info |||0||Initializing NSS with certpath: none
|| qwerty.cc:123 |
2019-04-26 03:31:49.000|info |||0||Unable to initialize NSS
|| qwerty.cc:123 |
2019-04-26 03:31:49.000|info |||0||Closing connection 0

To solve this
I followed some steps mentioned here:
https://curl-library.cool.haxx.narkive.com/BtQZVKwO/libcurl-7-21-4-with-nss

But then also am facing issues. now its crashing , looks like nss is
totally corrupted.

attaching backtrace:

(gdb) bt
#0 0x00007f743eca5c20 in nssToken_GetDefaultSession () from
/lib64/libnss3.so
#1 0x00007f743eca5445 in nssSlot_IsTokenPresent () from /lib64/libnss3.so
#2 0x00007f743ec8bf44 in pk11_IsPresentCertLoad () from /lib64/libnss3.so
#3 0x00007f743ec8c818 in PK11_GetAllTokens () from /lib64/libnss3.so
#4 0x00007f743ec8ccab in PK11_GetBestSlotMultipleWithAttributes () from
/lib64/libnss3.so
#5 0x00007f743ec8cd1f in PK11_GetBestSlot () from /lib64/libnss3.so
#6 0x00007f743ec5c622 in SECKEY_CreateECPrivateKey () from
/lib64/libnss3.so
#7 0x00007f743f1b6ae2 in ssl_CreateECDHEphemeralKeyPair () from
/lib64/libssl3.so
#8 0x00007f743f1c1033 in ssl_CreateStaticECDHEKeyPair () from
/lib64/libssl3.so
#9 0x00007f743e3d5c75 in PR_CallOnceWithArg () from /lib64/libnspr4.so
#10 0x00007f743f1c11b9 in ssl_FilterSupportedGroups () from
/lib64/libssl3.so
#11 0x00007f743f195353 in ssl3_config_match_init () from /lib64/libssl3.so
#12 0x00007f743f19a2fc in ssl3_SendClientHello () from /lib64/libssl3.so
#13 0x00007f743f1a4beb in ssl_BeginClientHandshake () from /lib64/libssl3.so
#14 0x00007f743f1aabd2 in ssl_Do1stHandshake () from /lib64/libssl3.so
#15 0x00007f743f1ab03f in SSL_ForceHandshake () from /lib64/libssl3.so
#16 0x00007f744774fced in nss_do_connect (sockindex=0, conn=0x7f740c01b220)
at vtls/nss.c:1825
#17 nss_connect_common (conn=conn_at_entry=0x7f740c01b220,
sockindex=sockindex_at_entry=0,
    done=done_at_entry=0x7f74206f7c29) at vtls/nss.c:1897
#18 0x00007f7447751375 in Curl_nss_connect_nonblocking (conn=conn_at_entry
=0x7f740c01b220,
    sockindex=sockindex_at_entry=0, done=done_at_entry=0x7f74206f7c29) at
vtls/nss.c:1938
#19 0x00007f744774e20e in Curl_ssl_connect_nonblocking (conn=conn_at_entry
=0x7f740c01b220,
    sockindex=sockindex_at_entry=0, done=done_at_entry=0x7f74206f7c29) at
vtls/vtls.c:322
#20 0x00007f744770953d in https_connecting (done=0x7f74206f7c29,
conn=0x7f740c01b220) at http.c:1403
#21 Curl_http_connect (conn=0x7f740c01b220, done=0x7f74206f7c29) at
http.c:1373
#22 0x00007f74477199f5 in Curl_protocol_connect (conn=0x7f740c01b220,
    protocol_done=protocol_done_at_entry=0x7f74206f7c29) at url.c:3605
#23 0x00007f744772d1ee in multi_runsingle (multi=multi_at_entry=0x7f740c0008c0,
now=...,
    data=data_at_entry=0x7f740d41e1c0) at multi.c:1236
---Type <return> to continue, or q <return> to quit---
#24 0x00007f744772dc11 in curl_multi_perform (multi_handle=0x7f740c0008c0,
    running_handles=0x7f74206f7d20) at multi.c:1793
#25 0x000000000052aab5 in General::qwer::qwww(
    this=this_at_entry=0x7f74206f80e0, finished_queries=empty std::list) at
qwww
#26 0x00000000004339cd in dfgh::aaddd(this=0xae35a0) at qqqqq
#27 0x0000000000512599 in ggggg::gggggg(arg=0xae35a0) at wwwww
#28 0x00007f7440a35dc5 in start_thread () from /lib64/libpthread.so.0
#29 0x00007f744076476d in clone () from /lib64/libc.so.6

On Fri, Apr 26, 2019 at 4:00 PM Kamil Dudka <kdudka_at_redhat.com> wrote:

> On Friday, April 26, 2019 7:08:52 AM CEST surya chandrika via curl-library
> wrote:
> > I am occasionally seeing "Unable to initialize NSS database" log during
> my
> > curl call initialization from my CPP module using libcurl and at that
> time,
> > my curl calls are not working.
> > *Note:* only at certain times , else is works properly without any
> changes
> > in system
> >
> > Please find the logs in working case and not working case below, if you
> see
> > the timestamp its just the next call:-
>
> The verbose output does not include any information about the reason why
> NSS
> failed to initialize. Could you please rebuild libcurl with the following
> patch and capture the verbose output again?
>
> https://github.com/curl/curl/pull/3808/files
>
> Note that there is no vtls/ subdirectory in the source tree of curl-7.29
> but
> if you just remove that substring from the patch, it applies fine on the
> el7
> source code.
>
> Kamil
>
>
>

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-04-26