Re: Asynchronous certificate verification and curl_multi

2025-08-14 Thread Stefan Eissing via curl-library
> Am 14.08.2025 um 11:25 schrieb Ondra via curl-library > : > > Here is a proof of concept which currently only works with > curl_multi_socket_action() API so far: https://github.com/curl/curl/pull/18284 > > -after asynchronous cert verification is detected, the easy prevents fds from > bein

Re: Asynchronous certificate verification and curl_multi

2025-08-14 Thread Ondra via curl-library
Here is a proof of concept which currently only works with curl_multi_socket_action() API so far: https://github.com/curl/curl/pull/18284 -after asynchronous cert verification is detected, the easy prevents fds from being scheduled -when cert verification finishes, the user needs to first call cu

Re: Asynchronous certificate verification and curl_multi

2025-08-13 Thread Ondra via curl-library
On Wed, Aug 13, 2025 at 3:16 PM Daniel Stenberg wrote: > > Shouldn't the callback pause the transfer when it can't verify the > certificate > right now but thinks it will magically have information in the future. > > Then in a future when it has the information it resumes/unpauses the > handle >

Re: Asynchronous certificate verification and curl_multi

2025-08-13 Thread Ondra via curl-library
I have tested it; although there is connssl->io_need = CURL_SSL_IO_NEED_RECV; which can be removed, the tcp layer of adjust_pollset seems to readd it: [T530-0-0] [2/2] text [0-0] [TCP] adjust_pollset, !active, POLLIN fd=6 It may have to be worked around by eg. storing additional info in cf_socket_c

Re: Asynchronous certificate verification and curl_multi

2025-08-13 Thread Stefan Eissing via curl-library
> Am 13.08.2025 um 15:16 schrieb Daniel Stenberg via curl-library > : > > On Wed, 13 Aug 2025, Ondra via curl-library wrote: > >> Hello, Since I do not really know the code it is hard for me to say whether >> simply running curl_multi_socket_action with CURL_SOCKET_TIMEOUT would work >> and

Re: Asynchronous certificate verification and curl_multi

2025-08-13 Thread Daniel Stenberg via curl-library
On Wed, 13 Aug 2025, Ondra via curl-library wrote: Hello, Since I do not really know the code it is hard for me to say whether simply running curl_multi_socket_action with CURL_SOCKET_TIMEOUT would work and be an acceptable solution for you, or whether adding something new (CURL_SOCKET_RETRY_C

Re: Asynchronous certificate verification and curl_multi

2025-08-13 Thread Ondra via curl-library
Hello, Since I do not really know the code it is hard for me to say whether simply running curl_multi_socket_action with CURL_SOCKET_TIMEOUT would work and be an acceptable solution for you, or whether adding something new (CURL_SOCKET_RETRY_CONNECT similar to CURL_SOCKET_TIMEOUT?) would be the cor

Re: Asynchronous certificate verification and curl_multi

2025-08-13 Thread Stefan Eissing via curl-library
> Am 13.08.2025 um 09:44 schrieb Daniel Stenberg via curl-library > : > > On Wed, 13 Aug 2025, Ondra via curl-library wrote: > >> According to https://curl.se/libcurl/c/CURLOPT_SSL_CTX_FUNCTION.html, “For >> OpenSSL, asynchronous certificate verification via *SSL_set_retry_verify* is >> supp

Re: Asynchronous certificate verification and curl_multi

2025-08-13 Thread Daniel Stenberg via curl-library
On Wed, 13 Aug 2025, Ondra via curl-library wrote: According to https://curl.se/libcurl/c/CURLOPT_SSL_CTX_FUNCTION.html, “For OpenSSL, asynchronous certificate verification via *SSL_set_retry_verify* is supported. (Added in 8.3.0 )”, so I have attempted to use th