Daniel Stenberg wrote: > I don't want to break the build by merging this work into master, so I would like help with trying out (and fixing) this branch with:
> - gskit I've just commit changes (to the HTTPS-proxy branch) to gskit (and also x509asn1) to make them compile and run on non-proxied SSL sessions: this is OK. Please note the following points: - GSKit does not support SSL stacking: it always acts on a socket descriptor so the only way to have SSL on SSL would be to use a socketpair() and a (parallel) interface procedure to do the transfer from/to the socket and the second level SSL. Unfortunately OS/400 in interactive mode cannot handle it in a fork or a thread, and I don't see a way to use internal asynchronous pipelining with a single curl_easy channel :-( The only way to support it would be to poll each time an SSL operation is about to be done. This is a big work and I have no time to do it right now. Thus GSKit currently returns an error if a connection tries to do SSL over SSL. - The problem about setstropt() not using the set.str array is still pending: how to resolve it without reverting the new ssl structure layout? - I think we may have semantics and memory leakage problems with CURLOPT_CERTINFO on SSL over SSL connections. I still have to test with a proxy, but I have to set up one: never did that before... Patrick ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
