curl-library

Re: those SSL certificates

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 30 Aug 2002 10:19:09 +0200 (MET DST)

On Fri, 30 Aug 2002, Cris Bailiff wrote:

> > Well, that could be an option if we changed the *DEFAULT to use this
> > option and we hope that most people use this... I can't really see why we
> > would like to have this a curl_global_init() option though.
>
> I just suggested it as a simpler change for client code than adding a new
> setopt - it's probably a wash, so feel free to ignore it.

Well, it would be about the same kind of change, but the curl_global_init()
would change the behavior globally for all coming curl handles, while a
setopt() option only changes the property for that particular handle.

> I think I raised this in a 'suggestions' or TODO email a while back, but
> never got enough tuits to look at fixing this properly.

I think you did. I've personally gotten a too big TODO list to even consider
starting taking on any things like that! ;-) However, having the known
downsides or "bad manners" posted to the list should at least make people
aware of them so that they can jump in and do it if they want to.

> I'll try and get around to submitting a patch to prevent this - I was
> thinking of setting a flag for each of cafile/capath when they are changed
> by setopt, and clearing the flag when the string is passed to load_verify,
> so that each new cafile would only be loaded once.)

Yes, that seems to be the right thing to do for multiple connects using the
same verification certificates.

Actually, I think we could make more things better SSL-wise in libcurl.
Currently we create a new "SSL context" for each new connection and we remove
it when the connection gets closed. Even though the "curl easy handle" may
remain alive and be re-used again (to another or the same host). Thus I
believe we create and delete such "SSL contexts" more often than we need to.

-- 
 Daniel Stenberg -- curl related mails on curl related mailing lists please
Received on 2002-08-30
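
The two ideas discussed in the mail (a changed-flag for cafile/capath, and keeping the SSL context alive with the easy handle instead of per connection) can be sketched together as follows. This is an added example, not code from the original mail or from libcurl: `struct handle`, `set_cafile`, `set_capath` and `prepare_ctx` are hypothetical names, and the context and the CA load are stood in for by counters where real code would call OpenSSL's `SSL_CTX_load_verify_locations()`.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-handle state, not libcurl's real structures. */
struct handle {
  char *cafile, *capath;          /* values last given via setopt */
  int cafile_dirty, capath_dirty; /* set on change, cleared on load */
  int ctx_alive;                  /* stands in for a cached SSL context */
  int ctx_created, ca_loads;      /* counters so the effect is visible */
};

static void set_str(char **dst, int *dirty, const char *val)
{
  if((!*dst && !val) || (*dst && val && !strcmp(*dst, val)))
    return;                       /* same value: keep the loaded CA set */
  free(*dst);
  *dst = NULL;
  if(val) {
    *dst = malloc(strlen(val) + 1);
    if(!*dst)
      abort();
    strcpy(*dst, val);
  }
  *dirty = 1;                     /* loaded CA set no longer matches */
}

void set_cafile(struct handle *h, const char *v)
{ set_str(&h->cafile, &h->cafile_dirty, v); }
void set_capath(struct handle *h, const char *v)
{ set_str(&h->capath, &h->capath_dirty, v); }

/* Called before every connection's TLS handshake. */
void prepare_ctx(struct handle *h)
{
  /* Loading into an existing store adds to it, so a changed CA set means
     a fresh context; otherwise the old anchors would stay trusted. */
  if(h->cafile_dirty || h->capath_dirty)
    h->ctx_alive = 0;
  if(!h->ctx_alive) {
    h->ctx_alive = 1;
    h->ctx_created++;
    h->ca_loads++; /* real code: SSL_CTX_load_verify_locations() here */
    h->cafile_dirty = h->capath_dirty = 0;
  }
}
```

Repeated connections with unchanged options reuse one context and one CA load; changing either option forces exactly one rebuild on the next connection.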