curl-users
Re: when will SSL session ID be added?
Date: Fri, 29 Aug 2003 10:23:05 +0200 (CEST)
On Thu, 28 Aug 2003, Braven T wrote:
> "Add an interface to libcurl that enables "session
> IDs" to get exported/imported.
> Correct me if I'm wrong, but from what I understand, curl currently has to
> re-negotiate the SSL session ID for every https request, and that's hidden
> from the user.
No. libcurl will re-use the SSL session ID between multiple requests as long
as you keep the easy-handle alive between the requests. In fact, it will first
attempt to re-use the same connection but if the connection is closed it will
use the SSL session ID cache to do a quicker reconnect.
However, to make curl (the command line tool) issue two requests to the same
host re-using the handle, you need to put all of the URLs on the same command
line.
> Some proxy servers like Tivoli Access Manager WebSEAL
> (http://www-3.ibm.com/software/tivoli/products/access-mgr-e-bus/) use the
> SSL session ID to keep track of the same user session(instead of using
> cookies) and curl cannot be used in this case.
Not if you need to make separate curl command line invokes, no.
Then you would truly need to be able to export the session IDs and store them
to a file, and then have the following command lines read those IDs from that
file and use them accordingly when re-connecting.
To implement this, we'd need to get a bigger understanding on how we can
export/import OpenSSL session IDs (SSL_SESSION).
-- Daniel Stenberg -- curl: been grokking URLs since 1998 ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sfReceived on 2003-08-29