On Fri, 3 Jul 2020, Felipe Gasper wrote:
> The documentation for CURLOPT_SSL_CTX_FUNCTION states that that callback
> fires “just before the initialization of an SSL connection”. To change that
> so that the callback fires after the SSL and CTX are both available would
> indeed facilitate the usage I envision, but it would seem to be a breaking
> change, both in terms of when the callback fires and of the input signature
> that the callback would need to implement:

I suggested we'd create the SSL context (SSL_new) before the callback is
called. That wouldn't change the fact that the callback would be made before
the initialization of the connection. I don't see how such a change would even
be noticeable by existing users of the callback.

> 1) Instead of firing before the SSL initialization it would need to fire after
> it.

That assumes that you by "SSL initialization" mean just calling SSL_new, which
I'm pretty sure the documentation doesn't.
Possibly it also depends on if you expect libcurl to have done all that it
wants to the SSL context by the time it calls the callback.

> 2) Instead of passing in the SSL_CTX it would need to pass in both, or just
> the SSL (from which the CTX can be derived).

Couldn't we make sure CURLINFO_TLS_SSL_PTR works?
--
/ daniel.haxx.se | Commercial curl support up to 24x7 is available!
| Private help, bug fixes, support, ports, new features
| https://www.wolfssl.com/contact/