On Mon, 25 Oct 2010, Leon Winter wrote:
- Protocols may add encryption (and therefore change recv/send). A proxy does not add encryption whatsoever.
They most certainly can, but then it is kept "hidden". Also, I know there's this growing popular concept of for example using SSL to the (http) proxy and then tunneling SSL through it (which curl doesn't yet support)...
Adding HTTPS access like that is easy in comparison to adding a generic SSH layer "outside" of the existing infrastructure. Mostly, I would say, because all layers in libcurl and perhaps even more importantly 3rd party libs work with sockets as the hand-over point while you want it to be custom and be able to hand over to an SSH lib, like libssh2.
CURL was not designed for this purpose
To make a generic SSH tunnel concept work, all 3rd party libs would have to write their outgoing data in a buffer instead of sending it to a socket and vice versa when it comes to reading data, and I'm confident that will be significant work to get only the three major SSL libraries to do that in a unified way - and I know that libssh2 doesn't even support that so in order to tunnel SCP/SFTP over this we'd also need to first improve libssh2. I see the work with the 3rd party libs as the most troubling part.
I don't think adding support for this necessarily would have to complicate the internals very much, but it is still a lot of work for something not many users desire.
So yes, the easy route seems MUCH easier even with its downsides.
--
/ daniel.haxx.se
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
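The hand-over point discussed in the mail above, as an added illustration that is not code from the message, libcurl or libssh2: a library that only accepts a socket needs an extra descriptor pair and a pump loop before its bytes can reach a tunnel layer, while a library that writes into caller-supplied buffers plugs in directly. The tunnel framing, both "libraries" and all function names are hypothetical stand-ins.

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed stand-in for a tunnel layer: frames each buffer with a length byte. */
struct tunnel { unsigned char out[256]; size_t used; };

static ssize_t tunnel_write(void *ctx, const void *buf, size_t len)
{
    struct tunnel *t = ctx;
    if (len > 255 || t->used + 1 + len > sizeof t->out)
        return -1;                      /* frame would not fit */
    t->out[t->used++] = (unsigned char)len;
    memcpy(t->out + t->used, buf, len);
    t->used += len;
    return (ssize_t)len;
}

/* Hypothetical library A: a socket is its only hand-over point. */
static ssize_t lib_send_fd(int fd, const char *msg)
{ return send(fd, msg, strlen(msg), 0); }
/* Hypothetical library B: writes through a caller-supplied callback. */
typedef ssize_t (*write_cb)(void *ctx, const void *buf, size_t len);
static ssize_t lib_send_cb(write_cb cb, void *ctx, const char *msg)
{ return cb(ctx, msg, strlen(msg)); }

/* A needs a real descriptor: create a socketpair and pump its far end. */
ssize_t via_socketpair(struct tunnel *t, const char *msg)
{
    int sv[2];
    char buf[255];
    ssize_t n = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    if (lib_send_fd(sv[0], msg) > 0 && (n = recv(sv[1], buf, sizeof buf, 0)) > 0)
        n = tunnel_write(t, buf, (size_t)n);
    close(sv[0]); close(sv[1]);
    return n;
}

/* B plugs straight into the tunnel: no extra descriptor, no pump. */
ssize_t via_callback(struct tunnel *t, const char *msg)
{ return lib_send_cb(tunnel_write, t, msg); }

int main(void)
{
    struct tunnel a = {{0}, 0}, b = {{0}, 0};
    return !(via_socketpair(&a, "GET /") == 5 && via_callback(&b, "GET /") == 5 &&
             a.used == b.used && memcmp(a.out, b.out, a.used) == 0);
}
```

Both routes leave the same framed bytes in the tunnel; the socket-only route pays for it with two descriptors, an extra copy and a loop the application has to own.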
