
curl-library

RE: HTTPS proxy support coming with your help!

From: Patrick Monnerat <patrick.monnerat_at_dh.com>
Date: Tue, 15 Dec 2015 19:02:46 +0100

 
Daniel Stenberg wrote:

> I don't want to break the build by merging this work into master, so I
> would like help with trying out (and fixing) this branch with:

> - gskit

I've just committed changes (to the HTTPS-proxy branch) to gskit (and also
x509asn1) to make them compile and run on non-proxied SSL sessions: this
is OK.

Please note the following points:
- GSKit does not support SSL stacking: it always acts on a socket
descriptor so the only way to have SSL on SSL would be to use a
socketpair() and a (parallel) interface procedure to do the transfer
from/to the socket and the second level SSL. Unfortunately OS/400 in
interactive mode cannot handle it in a fork or a thread, and I don't see
a way to use internal asynchronous pipelining with a single curl_easy
channel :-( The only way to support it would be to poll each time an SSL
operation is about to be done. This is a big piece of work and I have no time to
do it right now. Thus GSKit currently returns an error if a connection
tries to do SSL over SSL.
- The problem about setstropt() not using the set.str array is still
pending: how to resolve it without reverting the new ssl structure
layout?
- I think we may have semantics and memory leakage problems with
CURLOPT_CERTINFO on SSL over SSL connections.

I still have to test with a proxy, but I have to set one up: never did
that before...

Patrick

Received on 2015-12-15
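
The socketpair() relay described in the mail above, as an added example that is not part of the original post or of curl's code: one end of the pair stands for the descriptor an fd-only TLS library such as GSKit would own, and pump() is polled before each inner operation instead of running in a thread or fork. It assumes POSIX sockets; outer_xform() is a hypothetical stand-in for the outer (proxy) TLS layer, not cryptography, and all function names are assumptions.

```c
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Hypothetical stand-in for the outer (proxy) TLS layer: NOT cryptography. */
static void outer_xform(unsigned char *b, ssize_t n) {
  for (ssize_t i = 0; i < n; i++) b[i] ^= 0x5A;
}

/* Move whatever is ready in one direction; poll() timeout 0 never blocks. */
static ssize_t relay(int from, int to) {
  unsigned char buf[4096];
  struct pollfd p = { .fd = from, .events = POLLIN };
  if (poll(&p, 1, 0) <= 0 || !(p.revents & POLLIN)) return 0;
  ssize_t n = read(from, buf, sizeof buf);
  if (n <= 0) return -1;               /* peer closed or read error */
  outer_xform(buf, n);
  return write(to, buf, (size_t)n) == n ? n : -1;
}

/* Called before each inner-TLS operation, in place of a thread or fork. */
static int pump(int relay_fd, int proxy_fd) {
  ssize_t out = relay(relay_fd, proxy_fd);  /* inner records -> proxy */
  ssize_t in = relay(proxy_fd, relay_fd);   /* proxy -> inner library */
  return (out < 0 || in < 0) ? -1 : (int)(out + in);
}

/* Constructed round trip; returns 0 when both directions relay correctly. */
int stacking_demo(void) {
  int inner[2], net[2];
  unsigned char got[16], reply[5];
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, inner)) return -1;
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, net)) return -1;
  /* inner[0]: fd the fd-only TLS library would own; inner[1]: relay end.
     net[0]: socket to the proxy; net[1]: constructed far end of that link. */
  if (write(inner[0], "hello", 5) != 5) return -2;
  if (pump(inner[1], net[0]) != 5) return -3;
  if (read(net[1], got, sizeof got) != 5) return -4;
  outer_xform(got, 5);                 /* far end removes the outer layer */
  if (memcmp(got, "hello", 5)) return -5;
  memcpy(reply, "world", 5);
  outer_xform(reply, 5);               /* far end applies the outer layer */
  if (write(net[1], reply, 5) != 5) return -6;
  if (pump(inner[1], net[0]) != 5) return -7;
  if (read(inner[0], got, sizeof got) != 5) return -8;
  close(inner[0]); close(inner[1]); close(net[0]); close(net[1]);
  return memcmp(got, "world", 5) ? -9 : 0;
}

int main(void) { return stacking_demo() != 0; }
```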