Re: [PATCH/RFC] http_init: only initialize SSL for https

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Mar 18, 2013 at 11:38 AM, Erik Faye-Lund <kusmabite@xxxxxxxxx> wrote:
> On Sun, Mar 17, 2013 at 11:27 PM, Junio C Hamano <gitster@xxxxxxxxx> wrote:
>> Daniel Stenberg <daniel@xxxxxxx> writes:
>>
>>> On Sun, 17 Mar 2013, Antoine Pelisse wrote:
>>>
>>>>> With redirects taken into account, I can't think of any really good way
>>>>> around avoiding this init...
>>>>
>>>> Is there any way for curl to initialize SSL on-demand ?
>>>
>>> Yes, but not without drawbacks.
>>>
>>> If you don't call curl_global_init() at all, libcurl will notice that
>>> on first use and then libcurl will call global_init by itself with a
>>> default bitmask.
>>>
>>> That automatic call of course will prevent the application from being
>>> able to set its own bitmask choice, and also the global_init function
>>> is not (necessarily) thread safe while all other libcurl functions are
>>> so the internal call to global_init from an otherwise thread-safe
>>> function is unfortunate.
>>
>> So in short, unless you are writing a custom application to talk to
>> servers that you know will never redirect you to HTTPS, passing
>> custom masks such as ALL&~SSL to global-init is not going to be a
>> valid optimization.
>>
>> I think that is a reasonable API; your custom application may want
>> to go around your intranet servers all of which serve their status
>> over plain HTTP, and it is a valid optimization to initialize the
>> library with ALL&~SSL.  It is just that such an optimization does
>> not apply to us---we let our users go to random hosts we have no
>> control over, and they may redirect us in ways we cannot anticipate.
>>
>
> I wonder. Our libcurl is build with "-winssl" (USE_WINDOWS_SSPI=1), it
> seems. Perhaps switching to openssl (which we already have libraries
> for) would make the init-time better?

It does indeed. So this is probably a better solution, and is
something we're considering doing in Git for Windows anyway (for a
different reason). Thanks for all the feed-back!
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]