cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH] possibly dangerous warnigns in lib/nss.c

From: Daniel Stenberg <>
Date: Tue, 13 Oct 2009 05:21:50 +0200 (CEST)

On Fri, 9 Oct 2009, Kamil Dudka wrote:

> Another approach is that from Firefox. We try to connect with TLS enabled.
> If the connection fails with certain errors (-12226, -12229, ...), we try to
> connect once again with TLS disabled. I am not sure if libcurl design is
> ready for such solution.

It doesn't really do anything like that today, but it would need to do the
equivalent of:

  1 - marking the current connection to get closed on end-of-use
  2 - set the easy handle to "try next connection with TLS disabled", which we
      currently can't. It must not just alter any option that the user has set
      since repeated uses of this handle must still do right.
  3 - set the URL field to do a second request to the same URL. This method is
      already done by the multi-pass HTTP auth methods etc.

> But we need to solve the problem. Users expect from libcurl to connect all
> sites they can connect with Firefox, no matter how broken the servers are.

Yes, they do. And I think that is a fair expectation in most situations.

List admin:
Received on 2009-10-13