CURLOPT_SSL_CTX_FUNCTION can't mark a connection not suitable for re-use #2916
Comments
I think the most sensible way to fix this is to introduce a magic return code. The callback is made to return a Something like this:
Returning this value would equal returning Using this return code on older libcurls without support for it will just make libcurl error out instead and return that error code.
Why not pass the curl handle in ctx data and then use it to set CURLOPT_FORBID_REUSE and then multi_done will tear it down
Hm, yes that should work already now and doesn't need any modifications... Perhaps we should just mention this in the documentation and be done with it?
how about diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 b/docs/libcurl/opts/CU
index 0d73610..04d8e29 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
@@ -61,7 +61,8 @@ change the actual URI of an HTTPS request.
WARNING: The \fICURLOPT_SSL_CTX_FUNCTION(3)\fP callback allows the application
to reach in and modify SSL details in the connection without libcurl itself
knowing anything about it, which then subsequently can lead to libcurl
-unknowingly reusing SSL connections with different properties.
+unknowingly reusing SSL connections with different properties. To remedy this
+you may set \fICURLOPT_FORBID_REUSE(3)\fP from the callback function.
.SH DEFAULT
NULL
.SH PROTOCOLS |
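Review bot: the sentence added to the WARNING paragraph says to set \fICURLOPT_FORBID_REUSE(3)\fP "from the callback function" but not which handle the option is set on or with what value; spelling that out would let a reader apply it without guessing. A reader may also need to know whether the option should be cleared again before the same handle is used for other transfers, and "To remedy this" reads better with a comma after it.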
I'm a big 👍 on landing that and then closing this!
Reported-by: Daniel Stenberg Closes curl#2916
I did this
If I write an application that uses the CURLOPT_SSL_CTX_FUNCTION callback, and in said callback my code reaches in and fiddles with TLS connection level details that makes the connection unsuitable for ordinary connection pooling and reuse, there is still no way for my callback to signal this information to libcurl.
I expected the following
Maybe a magic return code that says this? Maybe another way to flag it?
curl/libcurl version
git master
operating system
independent