curl-library

Re: OpenSSL verify locations set despite VERIFYPEER=0

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 5 Feb 2018 16:37:25 +0100 (CET)

On Sun, 4 Feb 2018, Patrick Schlangen wrote:

> Maybe it would make sense to generally set the verify locations only if
> verifypeer is true, if it does not have any side effects? What do you think?

Thanks for your excellent analysis and mail.

I agree! I actually think two things based on this:

1) let's not call SSL_CTX_load_verify_locations() at all if the verification
is skipped anyway, for performance reasons and to use fewer resources.

2) it is time to work on reuse of the "openssl context" so that we don't keep
killing it and creating new ones when the options are the same. So much
wasteful.

Are you up to submitting a patch/PR for the (1) case you spotted?

I'll grab case (2) and investigate what I can do to improve this.

-- 
  / daniel.haxx.se
Received on 2018-02-05