However, the legacy code does some fairly involved wrangling during the OpenSSL connection/initialisation phase (don't ask...), and we need to continue doing that. Picking it to pieces and trying to squeeze it into a CURLOPT_SSL_CTX_FUNCTION callback looks tricky and error prone, and we're not even sure it'll work. The function is
An application typically initializes the global SSL algorithms etc., then you create an SSL_CTX. If you do not use any of the curl parameters for SSL except the callback, that's the environment you get when the callback is called. Yes, if your application uses a lot of variables on the stack, you need to put them into a structure and pass an appropriate pointer to the callback. In the callback you just do exactly what your application does between the SSL_CTX creation and the creation of the SSL object. Since you are able to use curl in the non-SSL environment, you are happy with what it does to connect to the partner?
Is there a way to hand over a fully initialised, connected and ready-to-use OpenSSL context to libcurl and let it skip the host resolution, connection and initialisation phases entirely? If there isn't such a mechanism by design (we couldn't find one in the docs or by cursory examination of the code, but who knows), would it be straightforward to add something like this ourselves, and do you have any hints on how we might go about it?
- you might want to share the list of access functions that you call in your code to do things in the SSL_CTX.
- look where things are done in curl's ssluse.c
- There is an example (curlx.c) that does a pretty complicated thing:
  - use a pkcs12, take a client key/cert
  - use another CA as a trust anchor
  - change the curl URL to something that after receiving the server cert (the real reason for the call back).
- There may be something in your code that is done AFTER establishing the connection and before sending the actual POST based on some information in the established connection. Most likely this can be put into a certificate validation callback.
Many thanks,
Have fun
Peter Sylvester
