curl-library
Re: SSL with curl
Date: Wed, 12 Jan 2011 18:50:49 -0500
On Wed, Jan 12, 2011 at 6:38 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> On Wed, 12 Jan 2011, amit paliwal wrote:
>
> I don't know what "raw data" means here, but I assume you mean that the
>>> server doesn't send any headers at all? If so, that's not syntactically
>>> correct HTTP and I think libcurl is entiteled to drop out or do whatever. I
>>> _believe_ however that it will pretend as if there were only non-interesting
>>> headers and it will deliver the "raw data" as response body contents and
>>> assume a closed connection when done.
>>>
>>
>> Reply: yes you are right here, as HTTP1.1 follows persistent connection,
>> what will happen if some data comes without HTTP header in it. closed
>> connection should not happen unless we get "Connection:close" as part of
>> HTTP , right?
>>
>
> HTTP 1.1 implies and uses persistent connections by default, yes.
>
> But if your server responds to a request without any headers, that's
> certainly NOT HTTP 1.1 and libcurl could not possibly do HTTP1.1-style
> persistent connections anymore. It takes proper headers for that to work.
> Reply: first of all thanks a lot for the inputs. if curl sends HTTPS
> request and receives HTTPS reponse back, after that if some data comes on
> socket, which is without the HTTP header or anything , and the data is
> coming from the Server, will it close the connection????
>
> An HTTP response is split up in two parts: headers and body. An actual HTTP
> response *always* have headers[*] and it may have a body.
>
> In case there still is no headers, that's a violation against the protocol
> but libcurl will struggle to deliver the body part. That body part will then
> basically be treated as a HTTP 1.0 response body by libcurl.
>
> 1) I have SSL enabled on my socket, and expect Open SSL read and write
>>>
>>>> function to be called for receiving and sending data on socket,
>>>> irrespective of application layer protocol is HTTP or something else.
>>>>
>>>
>> Reply: I am sorry here, but I wanted to ask about HTTPS connection, in
>> that case it should use SSL calls right? I am sorry again for the wrong
>> question.
>>
>
> Yes, when libcurl speaks HTTPS it will use an SSL library to read the data
> off the socket.
>
>
> although i know it is not HTTPS but if If i receive non HTTP header data,
>> and I want it to be TLS authenticated what shall I do ? I can think of some
>> possibilities like:
>>
>
> If you don't want libcurl to do neither HTTP nor HTTPS and only do TLS then
> I would probably say you should perhaps not use libcurl at all...
Reply: I want to use curl for all proper HTTP request and response
scenarios, but I just wanted to handle some non HTTP header data that can
come.
>
>
> 1) use curl_easy_recv() to receive the data, but here will it internally
>> authenticate it with TLS? or it will just copy it in my buffer and I need to
>> authenticate it.
>>
>
> No. The "authentication" for TLS is done in the handshake/negotiation phase
> and that is done before any data is transfered at all. Once one side/both
> sides have been verified to be good, data can be exchanged between the
> parties.
>
> curl_easy_recv() is only ever used after a TLS connection has been
> negotiated (or it won't work at all).
>
> [*] = in this context I call the response "Status-Line" a header
>
>
> --
>
> / daniel.haxx.se
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>
-- Regards, Amit
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-01-13