curl-library
Re: connection reuse with proxies and ssl
Date: Wed, 23 Jan 2008 16:28:05 -0800
Thanks for your quick response!
On Jan 23, 2008 3:33 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> On Wed, 23 Jan 2008, Gautam Kachroo wrote:
>
> Thanks a lot for your work and thorough explanation!
>
> > + } else {
>
> > + struct ssl_connect_data *connssl = &check->ssl[FIRSTSOCKET];
> > + if(check->bits.tunnel_proxy && !connssl->use) {
> > + infof(data,
> > + "Connection #%ld has not started ssl connect, "
> > + "can't reuse\n",
> > + check->connectindex );
> > + continue;
>
> Is it really any point in checking for check->bits.tunnel_proxy? I mean, isn't
> the problem that the connection doesn't use SSL (yet) so simply checking for
> !connssl->use will be enough?
>
> Like this:
>
> --- lib/url.c 21 Jan 2008 23:48:58 -0000 1.696
> +++ lib/url.c 23 Jan 2008 23:31:04 -0000
> @@ -2450,6 +2450,10 @@
> check->connectindex );
> continue;
> }
> + else if(!check->ssl[FIRSTSOCKET].use)
> + /* SSL not (yet) "activated" on the connection so it can't be
> + re-used! */
> + continue;
>
> }
> if((needle->protocol & PROT_FTP) ||
> ((needle->protocol & PROT_HTTP) &&
I think you're right -- ensuring that SSL is initialized isn't limited
to the proxy tunnel case.
It would still be nice if the connection structure kept track of the
protocol initialization being finished, i.e. ConnectionExists could
look at check->bits.protoconndone.
It would also be nice if the ssl connect state keps a done flag, "use"
only seems to record that the ssl connect process started.
thanks,
-gk
> --
> Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
>
Received on 2008-01-24