On Wed, Sep 12, 2007 at 03:38:13PM -0700, Alexey Pesternikov wrote:
> Sometimes the library user needs to verify address against some sort of black
> list. Parsing and resolving address before calling libcurl would be a really
> bad idea. It could be time consuming without local DNS cache and, worst of all,
> leave a possibility for avoiding the blacklist using specially crafted DNS
> server using the race condition.
>
> We just implemented a new callback exactly for that. The callback is called for
> every resolved IP address, and callback function function must return -1 if bad
> address or 0 if ok.
>
> Please see patch against 7.16.4 attached.
> Any comments are appreciatred.

It would be useful if such a callback could also be used to replace the IP
address to be used for the connection as well. That's a feature that
is requested regularly on this list.

What about extending the existing curl_sockopt_callback callback function
instead of creating a new one? An additional address parameter could be
tacked on to the end of the parameter list in a backward-compatible way.
That would provide the address that is about to be used in the subsequent
connect call, and could also permit it to be changed. That also avoids
having to potentially loop through a bunch of addresses, only one of which
will be probably be used, to give the app a chance to blacklist them.

>>> Dan

-- 
http://www.MoveAnnouncer.com              The web change of address service
          Let webmasters know that your web site has moved