libCurl SSL error after fork()
To make this work, you need to call curl_global_cleanup
before fork
and curl_global_init
again after fork
. Someone in the libcurl mailing list mentioned that this is a common problem when calling fork
after initializing libraries that need to be initialized.
Curl and pcntl_fork()
After a lot of research, I uncovered that the issue is not a new and is a problem with php's implementation of CURL. These other questions helped me to come up with the solution I've shared below:
- SSL Requests made with cURL fail after process fork
- libCurl SSL error after fork()
What I ended up doing was to use pcntl_exec which replaces the current child process with the command provided.
$this->initialize_curl();
$this->connect_database();
// prime the queue
$this->add_url_to_queue($this->source_url, 0, 0);
$this->process_next_url_in_queue($this->get_next_url_in_queue());
// loop until we have processed all URL's
while (1) {
$url = $this->get_next_url_in_queue();
// disconnect from the database before forking since we don't want to
// share the database connection with child processes - the first one
// will close it and ruin the fun for the other children.
curl_close($this->ch);
$this->db->close();
// create child
$pid = pcntl_fork();
// handle forked processing
switch ($pid) {
// error
case -1:
print "Could not fork\n";
exit;
// child
case 0:
// seperate database and curl for the child
$this->connect_database();
$this->initialize_curl();
// process the url
pcntl_exec('process_next_url_in_queue.php', array($url));
exit;
// parent
default:
// seperate database and curl for the parent
$this->connect_database();
$this->initialize_curl();
break;
}
}
Git Clone Fails with sslRead() error on OS X Yosemite
Javabrett's link got me to the answer, it revolves around Yosemite using an incorrect SSL dependency, which Git ends up using.
Installing Git via homebrew with these flags works:
brew install git --with-brewed-curl --with-brewed-openssl
Or:
brew reinstall git --with-brewed-curl --with-brewed-openssl
Fixing git HTTPS Error: bad key length on macOS 12
Unfortunately I can't provide you with a fix, but I've found a workaround for that exact same problem (company-hosted bitbucket resulting in exact same error).
I also don't know exactly why the problem occurs, but my best guess would be that the libressl library shipped with Monterey has some sort of problem with specific (?TLSv1.3) certs. This guess is because the brew-installed openssl v1.1 and v3 don't throw that error when executed with /opt/homebrew/opt/openssl/bin/openssl s_client -connect ...:443
To get around that error, I've built git from source built against different openssl and curl implementations:
- install
autoconf
,openssl
andcurl
with brew (I think you can select the openssl lib you like, i.e. v1.1 or v3, I chose v3) - clone git version you like, i.e.
git clone --branch v2.33.1 https://github.com/git/git.git
cd git
make configure
(that is why autoconf is needed)- execute
LDFLAGS="-L/opt/homebrew/opt/openssl@3/lib -L/opt/homebrew/opt/curl/lib" CPPFLAGS="-I/opt/homebrew/opt/openssl@3/include -I/opt/homebrew/opt/curl/include" ./configure --prefix=$HOME/git
(here LDFLAGS and CPPFLAGS include the libs git will be built against, the right flags are emitted by brew on install success of curl and openssl; --prefix is the install directory of git, defaults to/usr/local
but can be changed) make install
- ensure to add the install directory's subfolder
/bin
to the front of your$PATH
to "override" the default git shipped by Monterey - restart terminal
- check that
git version
shows the new version
This should help for now, but as I already said, this is only a workaround, hopefully Apple fixes their libressl fork ASAP.
libCurl. Cancel request while proceed
What you need to understand is that CURL is a C library. In general, you cannot pass pointers to C++ objects or functions because C does not know anything about C++'s classes and calling convention.
For example, this line is incorrect:
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorBuffer);
CURL setopt CURLOPT_ERRORBUFFER
expects that the third parameter is a pointer to a C-style string (C-style char
array) having space for CURL_ERROR_SIZE
chars. You are instead passing a pointer to a std::string
object. As CURL, being written in C, does not know what a std::string
is, it simply overwrites the byte representation having sizeof (std::string)
bytes with the error data because it thinks that the pointer is to a C-style char
array.
Use this instead:
char errorBuffer[CURL_ERROR_SIZE + 1]; errorBuffer[CURL_ERROR_SIZE] = '\0';
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorBuffer);
errorBuffer
is only filled with a valid string if curl_easy_perform()
returns an error code.
Also, Uploader::WriteResponce
is a C++ function. With this line:
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteResponce);
CURL expects the third parameter to be a pointer-to-C function. Here, you are passing a pointer-to-C++ function. You need to wrap the call to WriteResponce
in an extern "C"
function that calls the C++ function:
extern "C" size_t call_uploader_writeresponce(char *ptr, size_t size, size_t nmemb, void *user_data) {
return Uploader::WriteResponce(ptr, size, nmemb, static_cast<std::string *>(user_data));
}
// ...
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, &call_uploader_writeresponce);
The "write function" needs to return size_t
, not int
; Uploader::WriteResponce
needs to return size_t
.
Unable to resolve unable to get local issuer certificate using git on Windows with self-signed certificate
An answer to Using makecert for Development SSL fixed this for me.
I do not know why, but the certificate created by the simple 'Create Self Signed Certificate' link in IIS Manager does not do the trick. I followed the approach in the linked question of creating and installing a self-signed CA Root; then using that to issue a Server Authentication Certificate for my server. I installed both of them in IIS.
That gets my situation the same as the blog post referenced in the original question. Once the root certificate was copy/pasted into curl-ca-bundle.crt the git/curl combo were satisfied.
How to make libcurl follow redirection by default?
No. libcurl has no default config file or anything like that.
Related Topics
Phusion Passenger Nginx Module Installer V3.0.17 Issue on Debian 6.0.5 Amd64 Due to Broken Package
Linux Kernel: Copy_From_User - Struct with Pointers
Perf_Event_Open Always Returns -1
Shuffle Output of Find with Fixed Seed
Glassfish There Is a Process Already Using the Admin Port 4848
Escaping Single Quotes in Shell for Postgresql
How to Escape Unusual/Uniq Characters from Expect Scripts
Shell Script Error: "Head: Invalid Trailing Option -- 1"
How to Monitor the Amount of Simd Instruction Usage
Calculating Memory of a Process Using Proc File System
Bash/Linux Sort by 3Rd Column Using Custom Field Seperator
How to Get the Exit Status of the First Command in a Pipe
Django on Apache Wtih Mod_Wsgi (Linux) - 403 Forbidden
R Package Installation in Linux
Difference Between Source and ./ Execution of Linux Scripts
Perf Tool Stat Output: Multiplex and Scaling of "Cycles"
How to Fix Nginx 502: Bad Gateway Error on a Digital Ocean Droplet - Ubuntu 20.04