(In reply to Jan Dobes from comment #0)
> Description of problem:
> When I'm using pycurl + threading modules with SSL in python, execution will
> crash with SEC_ERROR_NO_TOKEN error coming from libcurl.

Yes, this is a known bug of NSS as you have already figured out.

> How reproducible:
> almost always

It was not that easy to reproduce in my environment when I tried it recently.

> Actual results:
> pycurl perform() calls will crash

If it returns SEC_ERROR_NO_TOKEN, it is not really a crash, just a spurious failure.  A python script may crash if the exception is not handled, but that is another story.

> Additional info:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1297397

We should probably create a RHEL-7 bug for this to force NSS maintainers sponsored by Red Hat to at least have a look.  It is a bug of NSS after all.  If you have a business justification, it would also help.

> https://github.com/curl/curl/commit/3a5d5de9ef52ebe8ca2bda2165edc1b34c242e54

I am fine with including the above patch in a RHEL-7 update.  It will fix only libcurl-based applications though.

follow-up commit upstream:

https://github.com/curl/curl/commit/25ed9ea5

Kamil, is this issue limited to RHEL 7, not RHEL 6 ?

(In reply to Kai Engert (:kaie) from comment #4)
> Kamil, is this issue limited to RHEL 7, not RHEL 6 ?

The bug in NSS source code must be in both of them but I was debugging it on RHEL-7 only.

This bug neither blocks, nor depends on bug #1413619.  In other words, each of them can fixed without fixing the other bug first.  I am weakening the relation to See Also.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2016