Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: 7.58.0 curl_global_sslset returns CURLSSLSET_TOO_LATE

From: Pawel Veselov via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 28 Jan 2020 23:13:08 +0100

On Tue, Jan 28, 2020 at 10:24 PM Ray Satiro via curl-library <
curl-library_at_cool.haxx.se> wrote:

> On 1/28/2020 1:17 PM, Pawel Veselov via curl-library wrote:
> >
> > I have a simple prologue code in my program to select SSL backend. It
> > works on relatively
> > recent versions (e.g. 7.65), but specifically on 7.58 ("latest" for
> > Ubuntu 18),
> > curl_global_sslset() returns CURLSSLSET_TOO_LATE.
> > I thought somebody else may be calling init function, but I can see
> > from the source code
> > that it simply returns TOO_LATE if there are no multiple SSL backends,
> > and if ID
> > doesn't match the ID of the backend that was actually compiled in.
> >
> > Could you please save me some investigative time and let me know in
> > which version
> > was this changed so that calling this with without IDs returns list of
> > available backends even
> > in case of single backend?
>
>
> sslset also returns too late if it has been called after global init.
>

global init hasn't been called.

> How are you calling it, with name or id?

I just want the list, so I pass id of -1 and name of 0.

> There was an issue when id was
> set to -1 that was fixed [1] a year ago. Also there was an improvement
> in 7.60 to return the backends even if too late [2]. The change is
> documented you could test for it like this:
>
> if(rc != CURLSSLSET_OK) {
> curl_version_info_data *verinfo = curl_version_info(CURLVERSION_NOW);
> if(verinfo->version_num >= CURL_VERSION_BITS(7,60,0)) {
> /* backend list available even if CURLSSLSET_TOO_LATE */
> }
> }
>

Ah, I see. The bone that I have to pick with this is that return of
TOO_LATE can happen because either global init was called, or
because there is only one backend (and I didn't guess right), and
I can't really tell the difference.

The whole deal here is that I want to prevent getting libcurl with one
backend in particular. I guess my logic should be:
* call sslset with -1/NULL. If that gives me a list of backends,
pick the one that I want, and call sslset again, and see if it worked
* If there was no list of backends, try to call with the bad
  backend ID, and see if then it succeeds. If it does, then I have
  a backend I don't want

>
> [1]: https://github.com/curl/curl/commit/2456152
> [2]: https://github.com/curl/curl/commit/d0394de
>
>

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-01-28