CURLOPT_SSL_CTX_FUNCTION: adhere to documented behavior #1290
Shouldn't we just fix the docs instead? It seems unnecessary to close and re-init those handles, and probably possibly a rather time-consuming operation.
And why do we want to escape the backslashes? The intent seems to be to pass on newline separated lines, isn't it?
I don't think you should merge these independent changes into the same commit.
.. also document that CURLE_NOT_BUILT_IN is a RETURN VALUE. Ref: #1290
It could be clarified to say the contents of the object will be reinitialized every time, or something like that, but the pointer may be the same.
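A small C model of the behaviour discussed in this thread, added here as an illustration; it is not code from curl or from this pull request. `model_ctx`, `model_connect`, `cb_cached` and `cb_always` are hypothetical names, and the single reused storage slot is an assumption standing in for "reinitialized contents, possibly the same pointer". It shows why a callback must not use the pointer value to decide whether the context was already configured.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a TLS backend context; not OpenSSL's SSL_CTX. */
struct model_ctx { int verify_peer; };
typedef int (*ctx_cb)(struct model_ctx *ctx, void *userptr);

/* One storage slot, reset to defaults before every connection: the object
   is newly initialized each time while its address stays the same. */
static struct model_ctx slot;

int model_connect(ctx_cb cb, void *userptr, struct model_ctx *used)
{
  int rc;
  memset(&slot, 0, sizeof(slot));      /* fresh contents, same pointer */
  rc = cb(&slot, userptr);
  *used = slot;                        /* settings the handshake would use */
  return rc;
}

/* Fragile: treats the pointer value as the identity of the object. */
int cb_cached(struct model_ctx *ctx, void *userptr)
{
  const void **seen = userptr;
  if(*seen == ctx)
    return 0;                          /* skips setup on a reset object */
  *seen = ctx;
  ctx->verify_peer = 1;
  return 0;
}

/* Robust: applies every setting on every call. */
int cb_always(struct model_ctx *ctx, void *userptr)
{
  (void)userptr;
  ctx->verify_peer = 1;
  return 0;
}

/* Makes two connections; returns 1 only if both ended up configured. */
int both_connections_configured(ctx_cb cb)
{
  const void *seen = NULL;
  struct model_ctx a, b;
  model_connect(cb, &seen, &a);
  model_connect(cb, &seen, &b);
  return a.verify_peer && b.verify_peer;
}
```

With the address-keyed callback the second connection runs with default settings (peer verification off in this model); the unconditional callback configures both.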
I landed this part in 21512a0, you're right I should have separated it. You are forgetting we have to escape the backslashes.
- Allocate a new CTX object before freeing the old one. This is because CURLOPT_SSL_CTX_FUNCTION manpage says: "pointer will be a new one every time". Ref: #1290
How about this clarification:
diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 index b260126..4ec11f6 100644 --- a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 +++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 @@ -48,7 +48,10 @@ callback's error code. Set the \fIuserptr\fP argument with the \fICURLOPT_SSL_CTX_DATA(3)\fP option. This function will get called on all new connections made to a server, during -the SSL negotiation. The SSL_CTX pointer will be a new one every time. +the SSL negotiation. The \fIssl_ctx\fP pointer will point to an object that has +been initialized and is new in the sense that it is the one and only time that +object will be passed to the callback. Note the pointer may point to the same +address in subsequent calls but it would be a different object every time. To use this properly, a non-trivial amount of knowledge of your SSL library is necessary. For example, you can use this function to call library-specific
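Review bot: In the last added sentence, "but it would be a different object every time" switches to the conditional after "will point" and "will be passed" earlier in the same paragraph; "but it will be a different object every time" keeps the statement firm. The paragraph also explains "new" in two separate ways ("has been initialized" and "the one and only time that object will be passed to the callback") without stating the consequence for the caller; a short closing clause saying that the callback has to apply its settings on every call and must not treat the address as identifying the object would make the point easier to act on.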
Since the feature window was about to close and this was holding up 1272 I went ahead with that one and used a slightly less verbose explanation to explain this issue.
\fICURLOPT_SSL_CTX_DATA(3)\fP option. This function will get called on all new connections made to a server, during -the SSL negotiation. The SSL_CTX/mbedtls_ssl_config pointer will be a new one -every time. +the SSL negotiation. The \fIssl_ctx\fP will point to a newly initialized object +each time, but note the pointer may be the same as from a prior call. To use this properly, a non-trivial amount of knowledge of your SSL library is necessary. For example, you can use this function to call library-specific
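Review bot: The replacement line "The \fIssl_ctx\fP will point to a newly initialized object" drops the type names from the removed line (SSL_CTX/mbedtls_ssl_config), so this paragraph no longer tells the reader what kind of object the pointer refers to; consider keeping them, for example "The \fIssl_ctx\fP pointer (SSL_CTX/mbedtls_ssl_config) will point to ...". In the same sentence, "the pointer may be the same as from a prior call" states the fact but not why it matters; adding that the callback therefore has to set its options on every call would close the gap.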