cURL / Mailing Lists / curl-library / Single Mail


OT: How difficult was to integrate SSL into culrlib?

From: Gonzalo Diethelm <>
Date: Wed, 29 Mar 2006 09:53:22 -0400

These are plain questions, not a bug report, complaint or anything.

Just like libcurl implements (among other things) the client side of an
HTTP connection and protocol, I find myself needing to implement the
same thing but for the server side: a C program, acting as an HTTP
server, supporting some way of dispatching functions according to the
parameters it received, and using SSL to encrypt all communications.
Furthermore, this thing needs to be "locked-down", in the sense that
this program will be deployed in places where I absolutely do not want
to allow third parties to modify configuration files, scripts, etc. and
change the way the server works (this pretty much leaves out Apache due
to the impossibility to lock it down, unless I am totally mistaken).

I must add that I also use libcurl (7.14.0 under Debian Linux and under
Win32) in other parts of this system, and it absolutely rocks. Thanks
everyone for the good work!

I am using SWILL ( ), a library
that implements most of what I need in the HTTP server, EXCEPT for the
SSL support. After some time looking for alternatives, I am starting to
think that my best shot for fulfilling the requirements I presented
would be to add SSL support to SWILL myself. Hence my questions:

1. How difficult was to add SSL support for libcurl? I have always had
the (maybe fancy) notion that libcurl evolved to support all of its
non-SSL functionality, and then someone said "ok, now let's add support
for SSL"; hopefully the impact of this work on the existing code base
was very little?

2. I will definitely "use the source, Luke", but I would love to get any
hints and caveats on what to look for, what to avoid, etc., when I start
adding SSL support to SWILL.

3. Sometimes asking oneself the reverse question helps: how difficult
would it be to RIP SSL support OUT of libcurl? How entangled is SSL into
libcurl? How modular are the interfaces? Does any of this change when
one uses OpenSSL vs GnuTLS?

Thanks for any information. Best regards,

Gonzalo Diethelm
Received on 2006-03-29