curl-users

Re: HTTPS and session_id

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 6 Dec 2000 16:16:33 +0100 (MET)

On Wed, 6 Dec 2000, Massimo Squillace wrote:

> According to the SSL 3.0 Specification at
> http://home.netscape.com/eng/ssl3/3-SPEC.HTM#7-1 :

[good quote cut out]

> In my understanding, this implies a persistent connection isn't needed to
> take advantage of the session-id to significantly shorten the handshake
> protocol. Libcurl could simply keep track of the last session-id received
> from the server (on a per-thread basis, if needed) and provide an
> interface so that the calling program (thread) can read its value.

It is indeed my understanding as well. Of course, we need to check out the
OpenSSL interface for this; I'm not an expert on that.

The curl_easy_getinfo() should probably be used to extract the session id.

> On subsequent calls, the calling program could tell libcurl via a new
> curl_easy_setopt() option the session-id to try and reuse, in which case
> the library would simply skip the handshaking part of the SSL protocol
> according to the above specs (web server permitting).

Sounds good, yes.

Are you interested in fixing this? I sure could use a hand...

> I hope not to be oversimplifying here, I am still relatively new to Linux
> but I know from previous experience this kind of logic can easily be
> programmed e.g. under OS/2.

This really isn't a Linux issue; curl compiles and runs under a large number
of operating systems.

-- 
  Daniel Stenberg -- curl project maintainer -- http://curl.haxx.se/
Received on 2000-12-06
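
The session-id reuse discussed in this mail, as an added example that is not part of the original message and is not libcurl or OpenSSL code. It models only the SSL 3.0 message flow (no cryptography): a full handshake, a resumed one on a new connection, and the fallback when the server no longer knows the id. The `Server` and `Client` classes and their methods are hypothetical names.

```python
"""Model of SSL 3.0 session-id resumption: message flow only, no cryptography."""
import os

# Full handshake as seen on the wire (C = client, S = server).
FULL = [("C", "ClientHello"), ("S", "ServerHello"), ("S", "Certificate"),
        ("S", "ServerHelloDone"), ("C", "ClientKeyExchange"),
        ("C", "ChangeCipherSpec"), ("C", "Finished"),
        ("S", "ChangeCipherSpec"), ("S", "Finished")]
# Resumed handshake: no Certificate, no key exchange; the server finishes first.
RESUMED = [("C", "ClientHello"), ("S", "ServerHello"),
           ("S", "ChangeCipherSpec"), ("S", "Finished"),
           ("C", "ChangeCipherSpec"), ("C", "Finished")]


class Server:
    """Hypothetical server with a session cache: session_id -> master secret."""

    def __init__(self):
        self.cache = {}

    def handshake(self, offered_id=b""):
        """Handle one new connection; return (session_id, resumed, flow)."""
        if offered_id and offered_id in self.cache:
            # Known id: echo it back and reuse the cached master secret.
            return offered_id, True, list(RESUMED)
        # Empty, unknown or evicted id: pick a fresh id, run the full handshake.
        new_id = os.urandom(32)
        self.cache[new_id] = os.urandom(48)  # stand-in for the master secret
        return new_id, False, list(FULL)


class Client:
    """Hypothetical library side: remembers the last session id per peer."""

    def __init__(self):
        self.last_id = {}

    def connect(self, server, host, port=443):
        key = (host, port)  # an id is only ever offered back to the same peer
        sid, resumed, flow = server.handshake(self.last_id.get(key, b""))
        self.last_id[key] = sid  # keep whatever id the server settled on
        return resumed, flow


if __name__ == "__main__":
    srv, cli = Server(), Client()
    for label in ("first", "second"):
        resumed, flow = cli.connect(srv, "www.example.com")  # constructed host
        print(label, "resumed" if resumed else "full", len(flow), "messages")
```

Each `connect()` call stands for a separate TCP connection, so the second call shows the shorter handshake without any persistent connection.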