curl-users
HTTPS and session_id
Date: Tue, 5 Dec 2000 15:33:10 +0100
Hi,
I am new to the list, but from the searches I performed I found no trace of a
question about libcurl's treatment of the HTTPS session_id.
With the standalone curl executable I tried to connect twice in a row to some
https protected page, after defining "SSLLogLevel debug" in Apache's
httpd.conf, and in the ssl_engine_log I saw curl performing twice the full SSL
Handshake Protocol.
This I could understand, since I run the executable twice; so I changed the
command line to read:
curl "https://localhost/{one,two}.php"
but obtained the same results. I also tried calling the two URLs above
via a PHP script using libcurl, but I always observe the same behaviour.
Is there a way to ask (lib)curl to send a Client Hello + session_id previously
emitted by the Web server, in order to lighten the SSL protocol overhead in
subsequent calls (I understand this is what a browser does)?
In the answer is no, may I suggest this capability being scheduled for a
future release?
Is this perhaps something I should configure in OpenSSL, outside (lib)curl?
Thank you
Massimo
P.S. cURL works great in PHP 4.0.3pl1. I am building a Web site that needs to
be called securely also from non-browser applications, and plan to propose the
widespread use of SSL-enabled cURL to provide connectivity from any language
capable of loading a dynamic library.
Received on 2000-12-05