Hi,
I have a process (let’s call it parent) that needs to use libcurl for logging.
This process forks to spawn many children that also need to use libcurl for
logging. After many tests, I cannot find a way of having libcurl working
properly on both parent and children at the same time. Details below:
The parent executes basing on this code scheme (just pseudocode for simplicity):
...
curl_global_init (CURL_GLOBAL_ALL);
...
log();
fork(); //spawn a child
log();
...
log();
fork(); //spawn a child
log();
...
Children, in turn, do this:
...
curl_global_cleanup (); //Critical line, see explanations below
curl_global_init (CURL_GLOBAL_ALL);
log();
log();
...
Both parent and children have log() defined using this scheme:
void function log(...){
curl_easy_init();
curl_easy_setopt (curl, CURLOPT_URL, url.c_str () );
curl_easy_setopt (curl, CURLOPT_NOPROGRESS, 1L);
curl_easy_setopt (curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP |
CURLPROTO_HTTPS);
curl_easy_setopt (curl, CURLOPT_POSTFIELDS, payload );
curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, handler);
curl_easy_setopt (curl, CURLOPT_WRITEDATA, userdata);
curl_easy_perform (curl);
curl_easy_cleanup (curl);
}
Based on this, I find the following:
If the child does not perform curl_global_cleanup then, I get a "SSL Connect
error” every time I log() on both parent and child and my logging stops working
at all.
If the child does perform curl_global_cleanup, then the child log() fails with
the following traces:
==> Info: Initializing NSS with certpath: sql:/etc/pki/nssdb
==> Info: Unable to initialize NSS database
==> Info: Initializing NSS with certpath: none
==> Info: Unable to initialize NSS
Error: Problem with the SSL CA cert (path? access rights?)
In this case, parent log seems to continue working
I have found some related posts like these:
https://curl.haxx.se/mail/archive-2013-02/0032.html
https://stackoverflow.com/questions/15466809/libcurl-ssl-error-after-fork
http://curl-library.cool.haxx.narkive.com/c47UZBtf/ssl-error-after-fork
But the solutions proposed there require curl not to be available at the parent
at all, or not to be available on it after the fork. Unfortunately I need the
parent to log both before and after the fork.
I’m also aware that the problem is somehow related to the fact I’m using nss,
because with gnutls the problem does not seem to emerge. Unfortunately again,
nss is a must in my stack.
Then, the questions is: Is there a way to instruct libcurl so that I can use it
safely at both parent and children with nss?
Details on my setup are the following:
OS
CentOS 6 (Red Hat 4.8.3-9)
CURL
curl 7.51.0 (x86_64-redhat-linux-gnu) libcurl/7.51.0 NSS/3.21.3 Basic ECC
zlib/1.2.8 libidn2/0.16 libpsl/0.6.2 (+libicu/50.1.2) libssh2/1.4.2
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3
pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL
libz UnixSockets PSL
Thanks in advance.
Joseph.
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
