Hi,

I am new to the list, but from the searches I performed I found no trace of a
question about libcurl's treatment of the HTTPS session_id.

With the standalone curl executable I tried to connect twice in a row to some
https protected page, after defining "SSLLogLevel debug" in Apache's
httpd.conf, and in the ssl_engine_log I saw curl performing twice the full SSL
Handshake Protocol.

This I could understand, since I run the executable twice; so I changed the
command line to read:

curl "https://localhost/{one,two}.php"

but obtained the same results. I also tried calling the two URLs above
via a PHP script using libcurl, but I always observe the same behaviour.

Is there a way to ask (lib)curl to send a Client Hello + session_id previously
emitted by the Web server, in order to lighten the SSL protocol overhead in
subsequent calls (I understand this is what a browser does)?

In the answer is no, may I suggest this capability being scheduled for a
future release?

Is this perhaps something I should configure in OpenSSL, outside (lib)curl?

Thank you

Massimo

P.S. cURL works great in PHP 4.0.3pl1. I am building a Web site that needs to
be called securely also from non-browser applications, and plan to propose the
widespread use of SSL-enabled cURL to provide connectivity from any language
capable of loading a dynamic library.
Received on 2000-12-05