>> A new share lock option was added - CURL_LOCK_DATA_SSL_CTX and a
>> new share option CURLSHOPT_SSL_CTX_MAX was added to control the
>> number of cached SSL_CTX objects (the default is 3).
>
> Sorry that I'm arguing here without having any real ideas about SSL,
> but why can't we use the already existing--not
> implemented--CURL_LOCK_DATA_SSL_SESSION here?

Well, I assume it was added for a reason and I assume it refers to sharing
of SSL sessions which is not the same as sharing of SSL_CTX objects (I can
go into details but I assume the use of SSL session caching is known, if not
I'll be happy to elaborate). What I've added enables the user to reuse
additional openssl specific resources (such as the certificate store among
others) that are bound to the SSL_CTX object.

Cheers,
Shmul
Received on 2007-03-08