Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code review Code style Contribute Dashboard Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Add CURLOPT_SSL_PTR_FUNCTION callback?

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 7 Jul 2020 18:17:18 +0200 (CEST)

On Fri, 3 Jul 2020, Felipe Gasper wrote:

> The documentation for CURLOPT_SSL_CTX_FUNCTION states that that callback
> fires “just before the initialization of an SSL connection”. To change that
> so that the callback fires after the SSL and CTX are both available would
> indeed facilitate the usage I envision, but it would seem to be a breaking
> change, both in terms of when the callback fires and of the input signature
> that the callback would need to implement:

I suggested we'd create the SSL context (SSL_new) before the callback is
called. That wouldn't change the fact that the callback would be made before
the initialization of the connection. I don't see how such a change would even
be noticable by existing users of the callback.

> 1) Instead of firing before the SSL initialization it would need to fire after it.

That assumes that you by "SSL initialization" mean just calling SSL_new, which
I'm pretty sure the documentation doesn't.

Possibly it also depends on if you expect libcurl to have done all what it
wants to the SSL context by the time it calls the callback.

> 2) Instead of passing in the SSL_CTX it would need to pass in both, or just
> the SSL (from which the CTX can be derived).

Couldn't we make sure CURLINFO_TLS_SSL_PTR works? 

-- 
  / daniel.haxx.se | Commercial curl support up to 24x7 is available!
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-07-07