cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: SSL Sessions

From: Daniel Stenberg <daniel.stenberg_at_netinsight.se>
Date: Fri, 07 Apr 2000 11:19:29 +0200

Michael Naef wrote:

> I'm running an application (an extended reverse proxy) that relies on
> the SSL session ID to track client sessions and I wanted to use Curl to
> access that application. The problem with Curl is that it (AFAIK) only
> supports independent requests. Thus, with my application a new session
> ID for each request is generated. The application won't work like that.
>
> Therefore my question: How about extending Curl in a way to support
> multiple dependent (SSL) requests in a row in order to each time use the
> same SSL session ID? One way to accomplish this would be to implement
> some kind of interactive mode, i.e. a small shell that allows me to
> issue the requests.

I'm not sure I understand this correctly. Is the SSL session ID something
that you extract from the SSL layer in your server? Is that unique for each
connect? Does that require that the client keeps connected all the time while
using your application? (as clients tend to disconnect after X seconds idle
time) Or do you mean that the session ID is kept in the client between the
different connects?

AFAIK, there's only a few ways to have a 'state' in the client and one of
them involves cookies and another involves passing a (supposedly) unique
variable as parameter to all succeeding page requests.

I'm not at all against taking curl into new areas of functionality. I just
think I need to understand them myself first. I am even less against new
ideas if I'm not the person who'll get to do all the work implementing
them...! ;-)

--
 Daniel Stenberg, Software Developer
 Daniel.Stenberg_at_haxx.nu, +46-705-443177, www.contactor.se/~dast
Received on 2000-04-07