

Re: General query about SNI implementation.

From: Daniel Stenberg via curl-library <>
Date: Thu, 16 Aug 2018 08:16:44 +0200 (CEST)

On Thu, 16 Aug 2018, Alisha Joshi via curl-library wrote:

> If I use CURLOPT_RESOLVE, it is expected that I also have to do DNS
> resolution in my application and get the IP before calling CURLOPT_RESOLVE,
> right?

It is expected that you pass on the IP address to use. How you find that
address will vary depending on the application.

There's also CURLOPT_CONNECT_TO which has similar properties but without you
having to pass on an IP address.

> For me as a developer it would have been a single line code change if I only
> had to use a simple CURLOPT that sets the Server name extension for me.


> What could be the drawbacks in using a new CURLOPT to set SNI, I'm just
> curious here.

The costs of adding a new opt include:

1. someone would have to write code, tests and documentation
2. ... for many TLS backends
3. more options makes it harder for users to figure out what to use
4. the team will have to maintain this code for the foreseeable future, and
    more code and more option combinations and more tests means more to

This of course goes for all and any new option we add, not just this.

If users can get what they want by using an existing option, that is better
than us adding a new option to accomplish something that already could be
done. That's why we try hard to see if the existing options perhaps already
satisfy the needs before we say OK to another option.

Received on 2018-08-16