Hello,

I am attempting to integrate an asynchronous certificate
verification callback into our curl multi based HTTP engine. We use
CURLMOPT_SOCKETFUNCTION to manually schedule file descriptors.

The proper approach to do this seems to be to use CURLOPT_SSL_CTX_FUNCTION
to register a custom ctx function, from which SSL_CTX_set_cert_verify_callback
can be used to register a verify callback.

When this cert_verify_callback is invoked, I obtain the chain of
certificates and post it for verification. Then I “return
SSL_set_retry_verify(ssl);” from it.
This works, however the problem is that the sockets scheduled by multi on
behalf of this easy are not unscheduled; thus we busy loop until the cert
verification finishes.
How should we proceed? It seems that curl_easy_pause does not touch sockets
(I understand that, because it has to work in HTTP/2 mode, it is most
likely implemented on another layer than the fd layer). In the documentation of
CURLMOPT_SOCKETFUNCTION we are warned not to use the CURL* provided, as it
may be an internal temporary; it is also not documented what happens if, e.g.,
such a socket is moved from the multi pool or back into the multi pool on easy
finishing, etc.

What is the proper approach to preventing this busy loop please?

Ondrej