Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
13.5 Export SSL session ids
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Catalin Raceanu via curl-library <curl-library_at_cool.haxx.se>
Date: Wed, 21 Jul 2021 14:42:38 +0300
Hello,
This is an attempt to implement 13.5 Export session ids
<https://curl.se/docs/todo.html#Export_session_ids> feature from the
TODO list. It only works for OpenSSL, but adding support for other
back-ends should be rather straightforward.
See PR#7467 <https://github.com/curl/curl/pull/7467>.
How it is supposed to work:
* Exporting: when a new SSL session was established, a user callback
will be executed with the serialized info of the new session. The
relevant new symbols here are:
o CURLOPT_SSL_SESS_FUNCTION
o CURLOPT_SSL_SESS_DATA
o curl_ssl_sess_callback (prototype)
* Importing: when SSL session cache was initialized, a user callback
will be executed to allow user code to pass serialized session info
blobs to curl. The relevant new symbols here are:
o CURLOPT_SSL_CACHE_FUNCTION
o CURLOPT_SSL_CACHE_DATA
o curl_ssl_cache_callback (prototype)
Things that probably need improving:
* The patch is pretty big. If it is difficult to review, I guess it
can be split in at least 2 parts: export, import. It got like this
due to too many change attempts that could not really be isolated...
* Naming: it might have been a better idea to use "export"/"import"
rather than "dump"/"load", but this should be fairly quick to
change. The same goes for any other names, so please let me know
about any other terminology preference.
* Some implementation decisions might not have been the right ones:
o Dumping (export) and loading (import) work with the minimum
amount of data: { back-end id, scheme, hostname, port,
serialized blob, blob size }.
Why: this seemed to be enough for the use cases here, also when
using the same feature in other libs.
Concerns: a sessionid loaded to cache (thus with some missing
details) will have them filled in from the first connection that
is trying to use it. Could that ever go wrong?
o Memory handling, when loading sessionid-s: user code is supposed
to allocate memory for the structures (and their members) for
all instances that are too be loaded. Then curl code will
release that memory after execution has returned from the
callback. For this it required the proper release function,
which needed to be set from the user code in the same callback.
When not setting it, it will fallback to Curl_cfree(). Is this
ok, or should this case always require the use of
curl_global_init_mem(), or is there a simpler and better way
that I've missed?
* Documentation: I tried adding relevant comments to code, but if
there is any other place where they need to be added please let me know.
* Test Cases: I don't really know how a test case for this would work.
Tests here have been based on breakpoints and log messages from curl.
Regards,
C
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2021-07-21
Date: Wed, 21 Jul 2021 14:42:38 +0300
Hello,
This is an attempt to implement 13.5 Export session ids
<https://curl.se/docs/todo.html#Export_session_ids> feature from the
TODO list. It only works for OpenSSL, but adding support for other
back-ends should be rather straightforward.
See PR#7467 <https://github.com/curl/curl/pull/7467>.
How it is supposed to work:
* Exporting: when a new SSL session was established, a user callback
will be executed with the serialized info of the new session. The
relevant new symbols here are:
o CURLOPT_SSL_SESS_FUNCTION
o CURLOPT_SSL_SESS_DATA
o curl_ssl_sess_callback (prototype)
* Importing: when SSL session cache was initialized, a user callback
will be executed to allow user code to pass serialized session info
blobs to curl. The relevant new symbols here are:
o CURLOPT_SSL_CACHE_FUNCTION
o CURLOPT_SSL_CACHE_DATA
o curl_ssl_cache_callback (prototype)
Things that probably need improving:
* The patch is pretty big. If it is difficult to review, I guess it
can be split in at least 2 parts: export, import. It got like this
due to too many change attempts that could not really be isolated...
* Naming: it might have been a better idea to use "export"/"import"
rather than "dump"/"load", but this should be fairly quick to
change. The same goes for any other names, so please let me know
about any other terminology preference.
* Some implementation decisions might not have been the right ones:
o Dumping (export) and loading (import) work with the minimum
amount of data: { back-end id, scheme, hostname, port,
serialized blob, blob size }.
Why: this seemed to be enough for the use cases here, also when
using the same feature in other libs.
Concerns: a sessionid loaded to cache (thus with some missing
details) will have them filled in from the first connection that
is trying to use it. Could that ever go wrong?
o Memory handling, when loading sessionid-s: user code is supposed
to allocate memory for the structures (and their members) for
all instances that are too be loaded. Then curl code will
release that memory after execution has returned from the
callback. For this it required the proper release function,
which needed to be set from the user code in the same callback.
When not setting it, it will fallback to Curl_cfree(). Is this
ok, or should this case always require the use of
curl_global_init_mem(), or is there a simpler and better way
that I've missed?
* Documentation: I tried adding relevant comments to code, but if
there is any other place where they need to be added please let me know.
* Test Cases: I don't really know how a test case for this would work.
Tests here have been based on breakpoints and log messages from curl.
Regards,
C
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2021-07-21