Re: Curl + OpenSSL 3.x is painfully slow on windows
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 17 Apr 2023 14:52:57 +0200 (CEST)
On Mon, 17 Apr 2023, Zakrzewski, Jakub wrote:

> For that specific one could actually do what I did - let curl read the
> bundle by itself, and provide it as blob to OpenSSL. I don't know if that's
> viable though.

That's also basically what the CA caching does.

>> I'm not sure what you are referring to, but CURLOPT_CA_CACHE_TIMEOUT works for
>> an easy handle used by the easy interface as well.
>
> If I understand the code correctly, it'd work for the easy interface, if the
> easy handles are re-used. Unfortunately, this is not the case in our
> codebase (again, there are architectural reasons why it cannot be easily
> changed 🙁 ).

If you ask me, that's almost like begging for problems since you then ditch
the caches and ruin the ability to do things faster in subsequent transfers,
over and over.

An additional way that the CA cache *could* be shared would be to add it to
the share interface and share it between separate easy handles that way.

> Do you think I could implement the caching by myself by forcing OpenSSL to
> parse the bundle once and then just injecting it into the SSL Context using
> CURLOPT_SSL_CTX_FUNCTION?

Sure that's possible, but is the difference between that and the blob approach
you already mentioned adding anything extra?
-- 

 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://curl.se/support.html
Received on 2023-04-17