On Mon, 25 Oct 2010, Leon Winter wrote:

> - Protocols may add encryption (and therefore change recv/send). A proxy
> does not add encryption whatsoever.

They most certainly can, but then it is kept "hidden". Also, I know there's
this growing pupolar concept of for example using SSL to the (http) proxy and
then tunnel SSL through it (which curl doesn't yet support)...

Adding HTTPS access like that is easy in comparison to adding a generic SSH
layer "outside" of the existing infrastructure. Mostly, I would say, because
all layers in libcurl and perhaps even more importantly 3rd party libs work
with sockets as the hand-over point while you want it to be custom and be able
to hand over to a SSH lib, like libssh2.

> CURL was not designed for this purpose

To make a generic SSH tunnel concept to work, all 3rd party libs would have to
write their outgoing data in a buffer instead of sending it to a socket and
vice versa when it comes to reading data, and I'm confident that will be a
significant work to get only the three major SSL libraries to do that in a
unified way - and I know that libssh2 doesn't even support that so in order to
tunnel SCP/SFTP over this we'd also need to first improve libssh2. I see the
work with the 3rd party libs as the most troubling parts.

I don't think adding support for this necessarily would have to complicate the
internals very much, but it is still a lot of work for something not many
users desire.

So yes, the easy route seems MUCH easier even with its downsides.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html