curl-library

Re: [PATCH] SSL_CTX caching - revisited

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 20 Aug 2007 15:28:53 +0200 (CEST)

On Thu, 16 Aug 2007, Shmulik Regev wrote:

> I'm re-submitting a patch to libcurl that reuses SSL_CTX objects across
> multi objects (see http://curl.haxx.se/mail/lib-2007-03/0061.html). I have
> been using the code for a couple of months now without any sign of problems.
> The implementation (which is now simpler than the original patch) assumes
> that the following openssl parameters are the same for all the multi handles
> that are bound to a share instance that implements SSL_CTX reuse: cert,
> cipher_list, CAfile, CApath.

Did you do any measurements as to what impact or improvements this brings to
your app?

Does this assumption about properties remaining the same really make sense?
Can't you just store those properties when you store the CTX in the cache and
verify that they are the same when you re-use it? Optionally, you could re-use
the CTX no matter what and set these properties (if they differ from the
previous time).

> The SSL_CTX objects (one per SSL_METHOD) are managed by the share instance
> and are freed only when the share is.

If we're adding this, I would rather like to see the multi handle introduce
automatic caching/sharing of CTX objects between the easy handles added to it,
in a similar manner to how it does for other caches.

Some nits in the code:

#1 - In Curl_ossl_connect_step1(), you declare 'cached' uninitialized and
      further down it might get assigned, or it will be used uninitialized.

#2 - share.c:36: warning: unused parameter 'user'
      share.c:36: warning: unused parameter 'ptr'
      share.c:61: warning: unused variable 'size'

#3 - a few lines now go beyond 80 columns

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2007-08-20
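
The store-and-verify approach suggested in the reply above, as an added example that is not part of the original mail or of libcurl: each cached context is recorded with its cert, cipher_list, CAfile and CApath and is returned only on an exact match, so a handle never inherits another handle's trust settings. The names ctx_props, ctx_slot, ctx_cache and both functions are hypothetical, and a void pointer stands in for SSL_CTX so the block builds without OpenSSL.

```c
#include <string.h> /* strcmp, NULL */
/* The four settings the patch assumes are equal across handles. */
struct ctx_props { const char *cert, *cipher_list, *CAfile, *CApath; };

/* Hypothetical cache slot; 'ctx' stands in for an SSL_CTX pointer. Strings
   are borrowed here; real code must copy them to outlive the easy handle. */
struct ctx_slot {
  void *ctx;
  int method;             /* one entry per SSL_METHOD */
  struct ctx_props props; /* recorded when the ctx was stored */
};
#define CTX_SLOTS 4
struct ctx_cache { struct ctx_slot slot[CTX_SLOTS]; };

/* NULL-safe compare: an unset option only matches another unset option. */
static int same_str(const char *a, const char *b)
{
  return (a && b) ? !strcmp(a, b) : (a == b);
}
static int same_props(const struct ctx_props *a, const struct ctx_props *b)
{
  return same_str(a->cert, b->cert) &&
         same_str(a->cipher_list, b->cipher_list) &&
         same_str(a->CAfile, b->CAfile) && same_str(a->CApath, b->CApath);
}

/* Return a cached ctx only on an exact method + property match, else NULL. */
void *ctx_cache_lookup(struct ctx_cache *c, int method,
                       const struct ctx_props *want)
{
  int i;
  for(i = 0; i < CTX_SLOTS; i++) {
    struct ctx_slot *s = &c->slot[i];
    if(s->ctx && s->method == method && same_props(&s->props, want))
      return s->ctx;
  }
  return NULL;
}

/* Record ctx with the properties it was built from; -1 if the cache is full. */
int ctx_cache_store(struct ctx_cache *c, int method,
                    const struct ctx_props *p, void *ctx)
{
  int i;
  for(i = 0; i < CTX_SLOTS && c->slot[i].ctx; i++)
    ;
  if(i < CTX_SLOTS)
    c->slot[i] = (struct ctx_slot){ ctx, method, *p };
  return i < CTX_SLOTS ? 0 : -1;
}
```

A NULL from the lookup means the caller creates a new context and stores it under its own properties, so contexts with different CA settings coexist in the cache instead of overwriting each other.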