curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Curl and SSL in an IMB's OnDemand environment

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Wed, 11 Sep 2019 15:18:23 +0200 (CEST)

On Wed, 11 Sep 2019, Michael Rellstab wrote:

> Do you mean, OnDemand itself has libcurl linked (statically?) into its
> binaries? And my code uses this binary instead of the libcurl that is
> installed on the Linux?

That was my question too =)

> I'm not really sure if we simply can focus on the different TLS backends.
> One thing I don't understand is, that in my code, I'm reading out the CURL's
> versions by curl_version_info(). The result is:
>
> 2019-09-10 15:11:07 DEBUG CURL version:7.29.0
> 2019-09-10 15:11:07 DEBUG CURL ssl version:NSS/3.34

I can't say that I understand your setup completely as you show NSS used here
but then the verbose output says gskit.

> So I assume, the CURL which my code uses, is the CURL that is installed on
> my Linux and therefore is the CURL that is compiled against NSS. Some steps
> later I simply call curl_easy_perform(). Thats all. Internally it is CURL
> that requests for an SSL connection. And here is the point, I'm getting
> confused. When the CURL, which my code is using, is compiled against NSS
> (CURL explain me this by curl_version_info()), what could be the reason that
> CURL wants to connect by Curl_gskit_connect_nonblocking?

It can't. It will only use gskit if it was built that way and since your
version isn't, the only explanation is that in this case it runs *another*
libcurl that is built to use gskit.

> 2019-09-10 15:11:07 DEBUG == Info: Curl_gskit_connect_nonblocking in

This verbose output message is not even done by modern libcurl. Maybe it once
did and this is just a very old libcurl with gskit.

> Shouldn't this be any other ssl connect method instead of a *gskit* method?
> Which conditions must be met that CURL uses a gskit connection method
> instead of any NSS connection method?

It was built to use gskit instead of NSS.

-- 
  / daniel.haxx.se | Get the best commercial curl support there is - from me
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2019-09-11