On Tue, 10 Sep 2019, Michael Rellstab via curl-library wrote:
Since several days I'm trying out to get my project to work, but I don't
have any success. Giving a short overview: I have to implement a UserExit
(callback routine) for the IBM's OnDemand Software. Inside this UserExit I'm
using CURL (linked as shared library). This works perfectly as long as I
don't use an SSL secured communication. As soon as I activate SSL (TLS1.2),
there is no communication anymore.
This seems to assume a few things that you didn't explain.
This "OnDemand Software" calls the callback you write. How is that using
libcurl? Is this software linked with libcurl already so you're just calling
the libcurl API from within this callback?
I'm running on a CentOS with the NSS SSL framework compiled into CURL. When
I use my UserExit without OnDemand (using the same source code, but executed
by my main function), CURL runs together with NSS without any problems. As
soon as my code runs in the context of OnDemand, SSL is not working anymore.
I expect, this has to do with IBM's OnDemand, because they are using their
GsKit as SSL framework.
If you're using libcurl the same way but it behaves differently depending on
which TLS backend that runs, then I think we can focus on the differences in
the TLS backends.
The gskit code in curl is virtually unmaintained and it is likely to be the
worst TLS choice of all the TLS backends libcurl supports. gskit is also not
available for me to use so I can't test or improve it either.
2019-09-10 15:11:07 DEBUG CURL version:7.29.0
Can I also highlight that this is a *very* old curl version.
I would be really happy, if someone has an idea how to fix this issue or
getting closer to the problem. If you need more information, just ask what
you need to know and I will try to give you as much detail as I can.
I'd urge you to contact the OnDmeand support as they are the ones providing
this API for you. And they provide a libcurl built with gskit for you.
Alternatively, ask the gskit team how you can debug your gskit-using
libcurl-omdemand application and its TLS connections. I don't see how we can
help with that!
--
/ daniel.haxx.se | Get the best commercial curl support there is - from me
| Private help, bug fixes, support, ports, new features
| https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
