On Tue, 23 Apr 2013, Jerry Qassar wrote:

> easy: Increment engine reference in curl_easy_duphandle
>
> When external programs (such as git) try to set the SSL engine, they set the
> engine in the default handle but subsequently (if using multi) obtain a
> duplicate handle to do the actual work.
>
> curl_easy_duphandle did not do anything with state.engine if set; make it do
> so by getting the engine ID of the source handle and incrementing the
> reference count with another curl_ssl_set_engine call.
>
> To my limited knowledge this is the 'proper' way to handle additional
> handles needing a non-default engine. Please advise if otherwise; handling
> of the default engine flag across handles is not attempted.

I'm not aware of anyone usually hanging around here that is an expert on this
subject so your ideas here are just as good as us others'. If the
documentation and testing say this works, then it seems like a good idea.
But I would like to ask you to make a full patch and send it separately from
the config file load patch, since they are actually independent.

> ssluse: Add Petr Pisar's patch to read OpenSSL conf file
>
> In 2010 Petr Pisar supplied a patch to allow curl to parse OpenSSL
> configuration files (either default or env-specified), enabling the use of
> dynamic engines such as those used for smartcard support. Original
> discussion of the patch terminated here:

First, the discussion was paused there
(http://curl.haxx.se/mail/archive-2010-03/0037.html) since nobody responded to
Yang's fine comments as far as I can see. I think they still deserve getting
addressed. For example, don't we risk hurting existing users/applications by
suddenly doing this by default, or the other way: do we need a way to allow
applications to switch this ability off?
Secondly, the loading of config files for OpenSSL seems to be required for
proper ENGINE use, but is somewhat problematic and we already have an open bug
report about it that hasn't been resolved yet:
http://sourceforge.net/p/curl/bugs/1208/
Related to the second point, docs/INTERNALS says we maintain compatibility
with OpenSSL 0.9.6. We either do that and thus make sure we use later
functions (such as these config file loading ones) conditionally, or we update
the document...
--
/ daniel.haxx.se