curl-library
Re: Using libcurl/SSL with in-core certificate - solved
Date: Fri, 26 Aug 2005 15:18:40 +0200
Daniel Stenberg wrote:
> On Fri, 26 Aug 2005, theo borm wrote:
>
>> Please keep in mind that if you fetch multiple HTTPS URLS, the
>> CURLOPT_SSL_CTX_FUNCTION callback function will be called for every
>> transfer, and (re-) loading the same certificate the second/third
>> etc. time will (should) fail.
>
>
> I'm not sure I understand why. This callback should only be called on
> new connects and surely you need to do this check thing on each new
> connect since you cannot know if the remote host has changed?
As far as I understand the logic, an SSL_ctx is created whenever a
connection needs to be established, and the ssl ctx function is called
exactly once for each ssl_ctx. Each ssl ctx is initialized with the
values set via easy. Thus, the curl easy handle does basically most of
what the ssl_ctx is doing, i.e., the housekeeping of parameters.
>
>> Loading certificate(s) should (in most cases) be a one-time per
>> program initialization event, which could easily be achieved by
>> calling (SSL_CTX *)curl_easy_get_SSL_context(void) (to be written) to
>> get a pointer to the SSL context and doing the necessary
>> modifications once.
>
>
> If you only wanted it done on the first invoke, couldn't you simply
> achieve the same thing then by simply setting a variable to a value
> and then checking that value on forthcoming invokes?
That's what the SSL context parameter is there for, so one can keep a
global status, but each invoke is with a different ssl_ctx AFAIR.
>
> I'm sure I've missed something, I just can't see what!
>
-- To verify the signature, see http://edelpki.edelweb.fr/ This lets you load the authority's certificate; you will also find the list of revoked certificates there.