cURL / Mailing Lists / curl-users / Single Mail


ssl callback

From: Peter Sylvester <>
Date: Tue, 20 May 2003 12:50:14 +0200 (MET DST)


I am experimenting with a small addition to curl which allows
to add a callback for ssl connections which is called
just before creating the SSL structure in ssluse.c.

here the envioronment in ssluse.c

    SSL_CTX_set_verify(conn->ssl.ctx, SSL_VERIFY_NONE, cert_verify_callback);

/* give application a chance to interfere with SSL set up. */
        if (data->set.ssl.fsslctx && !((*data->set.ssl.fsslctx)(data,(void *)(conn->ssl.ctx),data->set.ssl.fsslctxp))) {
                failf(data,"error signaled by ssl ctx callback");
                return CURLE_SSL_CERTPROBLEM;

  /* Lets make an SSL structure */
  conn->ssl.handle = SSL_new (conn->ssl.ctx);
  SSL_set_connect_state (conn->ssl.handle);

I want to modify the relative part of the url in action, i.e., I initially use


and in the server cert I have an extension that tells me


unfortunately a call

        curl_easy_setopt(p->curl, CURLOPT_URL, service);

doesn't work at that place, since the url is already parsed.
Well, since I don't give up so easily:

In http.c there is the following code:

  if (data->change.proxy && *data->change.proxy &&
      !data->set.tunnel_thru_httpproxy &&
      !(conn->protocol&PROT_HTTPS)) {
    /* The path sent to the proxy is in fact the entire URL */
    ppath = data->change.url;

Is it really necessary to make all the tests. the url send an
http host can be the full URL. I tried to set the ppath
unconditionally, the code works.

Any comments are welcome.

This email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software.
Received on 2003-05-20