Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:125910
X-Original-To: internals@lists.php.net
Delivered-To: internals@lists.php.net
Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5])
	by qa.php.net (Postfix) with ESMTPS id D07761A00BD
	for <internals@lists.php.net>; Tue,  5 Nov 2024 16:44:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail;
	t=1730825245; bh=Nx3szuYcW91/Yivys4w2P98cSNirZKnyoCRUF3h67J8=;
	h=References:In-Reply-To:Reply-To:From:Date:Subject:To:From;
	b=g4dIyQ0lofC5HauzokUdzfuEqzsCDDJGEY9Vkglp9w0z3KqY2fawoeTLCaKwmqHLb
	 tWg104+33xFTuRdJ7itgBhE1hQgV1Lmq+QjslZplMl13x4HoTW9qmCxq+gViUR6vB2
	 6vPnEmknqX6SrCsln21nKI+lf/HnHjHRPesRZ8HlSTYKau46vBBj5sABF8R/0aQFAL
	 LXkG2dQN31y4vfh/WvKJuVJFHAyJhJjTwnVmD/6GG8IOhywUj8AF2hX/6iiEDP962f
	 jZLUAooap254JqKqYpzaI/U0mirfTe5B7gijEXmHFxYemFsK+93AX2JngeBYnSkxzW
	 NvEW4agHoZWXw==
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id AFD5D18007D
	for <internals@lists.php.net>; Tue,  5 Nov 2024 16:47:24 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net
X-Spam-Level: *
X-Spam-Status: No, score=1.6 required=5.0 tests=BAYES_50,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,FREEMAIL_FROM,
	FREEMAIL_REPLYTO,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,
	SPF_PASS autolearn=no autolearn_force=no version=4.0.0
X-Spam-Virus: No
X-Envelope-From: <eric.t.norris@gmail.com>
Received: from mail-il1-f177.google.com (mail-il1-f177.google.com [209.85.166.177])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue,  5 Nov 2024 16:47:24 +0000 (UTC)
Received: by mail-il1-f177.google.com with SMTP id e9e14a558f8ab-3a3b4663e40so19418255ab.2
        for <internals@lists.php.net>; Tue, 05 Nov 2024 08:44:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1730825092; x=1731429892; darn=lists.php.net;
        h=content-transfer-encoding:to:subject:message-id:date:from:reply-to
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=Nx3szuYcW91/Yivys4w2P98cSNirZKnyoCRUF3h67J8=;
        b=GX2NCU5QVbVQzYXAetQqkvQ4NHqJKpwRAo+PvwMKIxz29Kt8SLtlmO9ypycUe7PnFG
         gbaHwn1mVFyTi7jsYhbz+PfZnbLTTRzZdWU43hMAwK02olwQ1gY1jCgmJyph6FaRhyT+
         amx/Ep/tL1DLTHcbI5cixlE0lDvrxwaOsAip85d9DUWsVhUcLpZOs4HziJ1o7fWUxSUx
         ZcoC8c4zjEd7/erHTtTlqqGtjliKNOfCBUN8shIF0LXDLhgLKHiWjEcal7UDIvWRY7/3
         3vXbRtgZX43e6fFFDHh7m3c+lWCyMga7LYTlA1dv61RxthQ7pMpoNnscA2WG/b4Dv5sk
         W8Zg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1730825092; x=1731429892;
        h=content-transfer-encoding:to:subject:message-id:date:from:reply-to
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Nx3szuYcW91/Yivys4w2P98cSNirZKnyoCRUF3h67J8=;
        b=pQvePrf8XosRGPRMKID5Vh2e3jXVGuXOYOefzk9HXUaHdzzn+1jKAq1oVeDmhTEgDg
         ZSp97hfAr8GoNnn/ICR3GSA4B2hManq3LYqgF26grSvr32y82zlVP6LNZ/M07EPCBQD+
         308nkibjadqstOCXryyHWF2Lpe9+jU654+nipCv96KwhuggxQng76FvWFWoWc5r/35Eg
         cWczcB8LNNoiaEu1m0O5R4wnQrIGZoR1JNnSwUIjpVDFVJNMUKh+k2ZdfRbybyy0zdJd
         SqqbpB+bBTJoGIhZtEAOvr579CHLeeot/txUT4C5a6JIEK7YraAG3d7cpCODj2Nn6GZj
         6+9Q==
X-Gm-Message-State: AOJu0Ywzl2SWSHEqoxxrIdFmifUJ5bS8m4AxU8oD/azbvVSHZ6mFlsZG
	wPJrn6ghHsHgBWjec2X91pLxt49vNOwGio4Q6NB5lAptVk4VmGrXSU258vcE5QpjftqBt/TD2Ub
	VXpSz26+UyyEqynQhFhSCLzhpZ7l3ND+P
X-Google-Smtp-Source: AGHT+IGLo6vE8INi/I8ReM+QciBdEjBYo/CyUTyJYmhsdEJBn5oV/CgsVi1p+yk9XMLgmMUsJF2s+LkuKoDbe5FNUJU=
X-Received: by 2002:a05:6e02:1a8c:b0:39d:2939:3076 with SMTP id
 e9e14a558f8ab-3a6b0394ec1mr148189175ab.25.1730825091970; Tue, 05 Nov 2024
 08:44:51 -0800 (PST)
Precedence: bulk
list-help: <mailto:internals+help@lists.php.net
list-unsubscribe: <mailto:internals+unsubscribe@lists.php.net>
list-post: <mailto:internals@lists.php.net>
List-Id: internals.lists.php.net
x-ms-reactions: disallow
MIME-Version: 1.0
References: <CA+NMNO16_p1=vmjpKSfWgSVCVqgxC0v-VGgfX4H5RhfGNNpSvg@mail.gmail.com>
 <6e533102b9a2e9c8f6a2183440b2601a@bastelstu.be> <CA+NMNO3rNd3vDth_0n6MOEdDorfHZXGymQXnk_ehwM=htvLeyQ@mail.gmail.com>
 <cd7343897b0a92d43c82062a49520fa5@bastelstu.be> <CA+NMNO0HVQAXkzcyYPjuF0KQBs-=1DE0-Bki2w0KXPUmvfjovA@mail.gmail.com>
 <9dd47a928fd4dc673a137c6433cd3130@bastelstu.be>
In-Reply-To: <9dd47a928fd4dc673a137c6433cd3130@bastelstu.be>
Reply-To: erictnorris@gmail.com
Date: Tue, 5 Nov 2024 11:44:36 -0500
Message-ID: <CA+NMNO3O3adocfHkDESWCAdvF4YOnirNnTZZnMVr4iKXygcYqg@mail.gmail.com>
Subject: Re: [PHP-DEV] [VOTE] Add persistent curl share handles
To: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
From: eric.t.norris@gmail.com (Eric Norris)

> > Here's a pull request indicating that the curl team considers TLS
> > reuse safe: https://github.com/curl/curl/pull/1917. I believe they
> > consider it a vulnerability if you are able to make curl incorrectly
> > reuse a TLS session with differing TLS settings.
>
> Thank you. That would be useful to include in the =E2=80=9CReferences=E2=
=80=9D section
> of the RFC. Changing that one even during the vote seems legal to me,
> because it does not change the actual proposal.

I've added a reference and a 'Safety' subheading to explicitly call
out your concern with CURL_LOCK_DATA_COOKIE, and to note that
CURL_LOCK_DATA_CONNECT is safe per that pull request. As you noted, I
have not changed the actual proposal, so I hope that this is okay.

Thanks,
Eric