On Mon, 17 Apr 2023, Zakrzewski, Jakub wrote:

For that specific one, one could actually do what I did - let curl read the bundle by itself, and provide it as blob to OpenSSL. I don't know if that's viable though.

That's also basically what the CA caching does.

I'm not sure what you are referring to, but CURLOPT_CA_CACHE_TIMEOUT works for
an easy handle used by the easy interface as well.

If I understand the code correctly, it'd work for the easy interface, if the easy handles are re-used. Unfortunately, this is not the case in our codebase (again, there are architectural reasons why it cannot be easily changed 🙁 ).

If you ask me, that's almost like begging for problems since you then ditch the caches and ruin the ability to do things faster in subsequent transfers, over and over.

An additional way that the CA cache *could* be shared would be to add it to the share interface and share it between separate easy handles that way.

Do you think I could implement the caching by myself by forcing OpenSSL to parse the bundle once and then just injecting it into the SSL Context using CURLOPT_SSL_CTX_FUNCTION?

Sure that's possible, but is the difference between that and the blob approach you already mentioned adding anything extra?

--

 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://curl.se/support.html