Hi! I’m not sure whether this is something that needs to be handled by the application or by libcurl. When I reuse the TLS connection for a big payment company with different accounts that we integrate in our application, we call a hostname api.bigcompany.com with the client cert of these accounts for mTLS. After the TLS connection is built, a username/password will be used for authentication in the following HTTP request.
However, this company enforces the match of the username/password and the client cert, and we hit an issue:

1. All the requests go through the same CURLM, so connections could be reused.
2. CURLM will search the cached connections based on hostname, in this case api.bigcompany.com.
3. However, a TLS connection built by account A cannot be shared with account B because they are built with different client certs; otherwise the HTTP username/password authentication will fail.

I’m wondering whether the user should just shard the CURLM connection pool, or whether we should follow up by distinguishing cached connections based on some TLS cert information like the fingerprint.

Thanks
Yongkang Huang
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
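The two cache-key choices raised in the message above, as an added example that is not part of the original post and is not libcurl code: a toy connection pool that matches either on hostname alone or on hostname plus client-cert fingerprint. The `pool`, `pool_get` and `cert_matches` names and the fingerprint strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CONNS 8

struct conn {
    const char *host;     /* hostname the connection was opened to */
    const char *cert_fp;  /* fingerprint of the client cert used in the handshake */
    int id;
};

struct pool {
    struct conn conns[MAX_CONNS];
    int count;
    int match_cert;       /* 0: key on hostname only; 1: hostname + cert fingerprint */
};

/* Return the id of a reusable connection, or open a new one (-1 if the pool is full). */
static int pool_get(struct pool *p, const char *host, const char *cert_fp)
{
    for (int i = 0; i < p->count; i++) {
        const struct conn *c = &p->conns[i];
        if (strcmp(c->host, host) != 0)
            continue;
        if (p->match_cert && strcmp(c->cert_fp, cert_fp) != 0)
            continue;     /* same host, different mTLS identity: do not reuse */
        return c->id;
    }
    if (p->count == MAX_CONNS)
        return -1;
    struct conn *n = &p->conns[p->count];
    n->host = host;
    n->cert_fp = cert_fp;
    n->id = p->count++;
    return n->id;
}

/* 1 if connection `id` was negotiated with the client cert the caller asked for. */
static int cert_matches(const struct pool *p, int id, const char *cert_fp)
{
    return id >= 0 && id < p->count && strcmp(p->conns[id].cert_fp, cert_fp) == 0;
}

int main(void)
{
    struct pool by_host = {0}, by_cert = {0};
    by_cert.match_cert = 1;
    /* Constructed fingerprints standing in for accounts A and B. */
    pool_get(&by_host, "api.bigcompany.com", "fp-account-A");
    int b1 = pool_get(&by_host, "api.bigcompany.com", "fp-account-B");
    pool_get(&by_cert, "api.bigcompany.com", "fp-account-A");
    int b2 = pool_get(&by_cert, "api.bigcompany.com", "fp-account-B");
    printf("hostname key:      B gets conn %d, cert ok=%d\n", b1, cert_matches(&by_host, b1, "fp-account-B"));
    printf("hostname+cert key: B gets conn %d, cert ok=%d\n", b2, cert_matches(&by_cert, b2, "fp-account-B"));
    return 0;
}
```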