cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Reuse ssl session accross curl handles

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Sat, 30 Apr 2016 01:40:02 -0400

On 4/29/2016 3:56 AM, Thomas Glanzmann wrote:
> Hello,
>
> * Thomas Glanzmann <thomas_at_glanzmann.de> [2016-04-29 09:45]:
>> now that Ray has fixed session reuse, I wonder if it is possible to
>> reuse SSL session across curl handles? If I use the same curl handle it
>> works, but if I try to use curl_easy_duphandle[1] it does _not_ work.
>> Any tricks to reuse session with multiple curl handles? If it is not
>> possible, can I use the same curl handle using curl easy for multiple
>> connections in a multi threaded procss?
> to answer my own question:
>
> CURLSH *share = curl_share_init();
> curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_SSL_SESSION);
>
> But when I add the above to my code the sessions are _not_ shared. I can
> tell that from looking at the wireshark output as well as on the
> debugging output of mbedtls.
>
> Can someone confirm or am I doing something wrong?
>
> I do the following:
>
> curl_easy_init()
> curl_easy_duphandle()
> curl_easy_perform()
>

Works here with mbedTLS. Maybe you forgot CURLOPT_SHARE? In
curl_easy_duphandle it is documented that "the new handle will not
inherit any state information, no connections, no SSL sessions and no
cookies." [1]

Another thing could be the host you're connecting to is spotty on
session resume, like if there's a farm and they don't share resume info.
In that case check the ClientHello to see whether it contains session id
and ticket.

Try this simple example, it should resume:

#include <curl/curl.h>

CURLSH *share;

void gethaxx(void)
{
   CURL *curl = curl_easy_init();
   curl_easy_setopt(curl, CURLOPT_CAINFO, "curl-ca-bundle.crt");
   curl_easy_setopt(curl, CURLOPT_SHARE, share);
   curl_easy_setopt(curl, CURLOPT_URL, "https://curl.haxx.se");
   curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
   curl_easy_perform(curl);
   curl_easy_cleanup(curl);
}

int main(int argc, char *argv[])
{
   curl_global_init(CURL_GLOBAL_ALL);
   share = curl_share_init();
   curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_SSL_SESSION);
   gethaxx();
   gethaxx();
   return 0;
}

And to answer your question from the first e-mail: yes you can reuse
easy handles, see curl_easy_reset [2] which should be helpful.

[1]: https://curl.haxx.se/libcurl/c/curl_easy_duphandle.html
[2]: https://curl.haxx.se/libcurl/c/curl_easy_reset.html

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-04-30