CURLOPT_SSL_CTX_FUNCTION: adhere to documented behavior #1290
@jay, thanks for your PR! By analyzing the history of the files in this pull request, we identified @captain-caveman2k, @rousskov and @bagder to be potential reviewers.
Shouldn't we just fix the docs instead? It seems unnecessary to close and re-init those handles, and probably possibly a rather time-consuming operation. And why do we want to escape the backslashes? The intent seems to be to pass on newline separated lines, isn't it? I don't think you should merge these independent changes into the same commit.
.. also document that CURLE_NOT_BUILT_IN is a RETURN VALUE. Ref: #1290
It could be clarified to say the contents of the object will be reinitialized every time, or something like that, but the pointer may be the same.
I landed this part in 21512a0, you're right I should have separated it. You are forgetting we have to escape the backslashes. input:
output manpage/nroff:
output roffit:
- Allocate a new CTX object before freeing the old one. This is because CURLOPT_SSL_CTX_FUNCTION manpage says: "pointer will be a new one every time". Ref: curl#1290
263fe17 to e27961d
How about this clarification: diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
index b260126..4ec11f6 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
@@ -48,7 +48,10 @@ callback's error code. Set the \fIuserptr\fP argument with the
\fICURLOPT_SSL_CTX_DATA(3)\fP option.
This function will get called on all new connections made to a server, during
-the SSL negotiation. The SSL_CTX pointer will be a new one every time.
+the SSL negotiation. The \fIssl_ctx\fP pointer will point to an object that has
+been initialized and is new in the sense that it is the one and only time that
+object will be passed to the callback. Note the pointer may point to the same
+address in subsequent calls but it would be a different object every time.
To use this properly, a non-trivial amount of knowledge of your SSL library is
necessary. For example, you can use this function to call library-specific |
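Review bot: the added sentences starting at "The \fIssl_ctx\fP pointer will point to an object" spend three lines establishing that the object is new but never state what that means for the callback author: settings applied to the object in an earlier call should not be assumed to persist, and the pointer value should not be used to recognise a connection. Suggest trimming the "new in the sense that it is the one and only time" clause and stating that consequence directly. "it would be a different object every time" also reads more clearly as "it is a different object every time".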
ping on this, is the proposed clarification patch above an acceptable alternative to this PR?
Since the feature window was about to close and this was holding up 1272 I went ahead with that one and used a slightly less verbose explanation to explain this issue. \fICURLOPT_SSL_CTX_DATA(3)\fP option.
This function will get called on all new connections made to a server, during
-the SSL negotiation. The SSL_CTX/mbedtls_ssl_config pointer will be a new one
-every time.
+the SSL negotiation. The \fIssl_ctx\fP will point to a newly initialized object
+each time, but note the pointer may be the same as from a prior call.
To use this properly, a non-trivial amount of knowledge of your SSL library is
necessary. For example, you can use this function to call library-specific |
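Review bot: the replacement for "The SSL_CTX/mbedtls_ssl_config pointer will be a new one every time." drops the backend type names, so this paragraph no longer tells the reader what \fIssl_ctx\fP actually points to. Suggest keeping them, for example "The \fIssl_ctx\fP will point to a newly initialized SSL_CTX/mbedtls_ssl_config object each time", unless the types are spelled out elsewhere on the page.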
Allocate a new CTX object before freeing the old one.
This is because CURLOPT_SSL_CTX_FUNCTION manpage says:
"pointer will be a new one every time".
manpage: Fix formatting in EXAMPLE by escaping all backslashes.
manpage: Document that CURLE_NOT_BUILT_IN is a RETURN VALUE.
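The point settled in this thread (a newly initialized object on each call, possibly at the same address) matters to callback authors who key state on the pointer. The following is an added example, not code from libcurl or from this PR: `mock_ctx`, `mock_connect` and both callbacks are hypothetical stand-ins that model a library re-initializing its context in place, and they show a pointer-cached callback leaving the second connection unconfigured.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a TLS backend context (not a real SSL_CTX). */
struct mock_ctx { int verify_peer; };
typedef int (*ctx_cb)(struct mock_ctx *ctx, void *userptr);
/* Mock library (assumption): one slot re-initialized in place per connection. */
static struct mock_ctx slot;

static int mock_connect(ctx_cb cb, void *userptr)
{
    memset(&slot, 0, sizeof slot);   /* fresh object: no settings applied */
    if (cb(&slot, userptr) != 0)
        return -1;                   /* callback error aborts the connection */
    return slot.verify_peer;         /* setting the handshake would run with */
}

/* Flawed: treats a previously seen address as "already configured". */
static int cb_pointer_cached(struct mock_ctx *ctx, void *userptr)
{
    struct mock_ctx **last = userptr;
    if (*last == ctx)
        return 0;                    /* skips the newly initialized object */
    ctx->verify_peer = 1;
    *last = ctx;
    return 0;
}

/* Correct: applies its settings on every call, ignoring pointer identity. */
static int cb_always_configure(struct mock_ctx *ctx, void *userptr)
{
    (void)userptr;
    ctx->verify_peer = 1;
    return 0;
}

/* Returns the verify_peer value in effect for the n-th connection. */
static int verify_on_nth_connection(ctx_cb cb, int n)
{
    struct mock_ctx *last = NULL;
    int v = -1;
    for (int i = 0; i < n; i++)
        v = mock_connect(cb, &last);
    return v;
}

int main(void)
{
    printf("2nd connection verify_peer: cached=%d always=%d\n",
           verify_on_nth_connection(cb_pointer_cached, 2),
           verify_on_nth_connection(cb_always_configure, 2));
    return 0;
}
```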