Hello internals,
I have opened the vote for "Add persistent curl share handles":
https://wiki.php.net/rfc/curl_share_persistence
The vote will last for two weeks, until 2024-11-08 0:00 UTC.
Thanks!
Hi
Am 2024-10-24 20:20, schrieb Eric Norris:
I have opened the vote for "Add persistent curl share handles":
https://wiki.php.net/rfc/curl_share_persistence
Apologies, I wanted to chime in before the vote started, but I was too
busy. Nevertheless I want to share my reasons for voting "no" on this
RFC:
Persistent handles / resources / objects violate PHP’s shared-nothing
request model, which is one fundamental part of how PHP works from my
mental model. That's why I generally believe that persisting data across
requests is generally unsafe, especially when used with stateful
connections like a database connection. HTTP is generally stateless and
I generally trust curl to do the right thing, which makes this somewhat
safer, nevertheless the RFC would still be exposing a configurable (and
thus stateful) object to an unknown number of future requests.
I'm especially concerned, because the documentation for
curl_share_init() uses CURL_LOCK_DATA_COOKIE as the example. I would
also assume that sharing a cookie jar amongst several requests is the
primary use case for leveraging a curl share handle, given that curl
already performs in-request connection reuse when reusing a single
CurlHandle or when performing requests with a CurlMultiHandle.
Accidentally sharing a cookie jar for unrelated requests due to a badly
chosen $persistent_id sounds like a vulnerability to is bound to
happen to someone.
Your RFC then lists "DNS lookups" as one of the possible things that
would be sped up. Caching DNS lookups is already a solved problem:
Install a caching resolver on your server. These commonly come with
features such as pre-fetching, ensuring that commonly-performed lookups
will stay cached at all times. As for sharing a TLS or HTTP connection,
this might or might not lead to vulnerabilities similarly to cookie
sharing, when TLS client certificates are used for authentication.
Lastly there does not appear to be a way to close a persistent share
handle either implicitly or explicitly, making it hard to reset the
share handle to a well-defined state / to know what state the share
handle is in. Also badly chosen $persistent_ids might result in a
large number of handles accumulating, without any kind of garbage
collection. For the existing persistent handles (e.g. for database
connections), the ID is chosen by PHP itself, ensuring a somewhat
predictable behavior.
All in all, this RFC sounds like a foot-gun just waiting to go off and
the RFC text is little more than a stub which does not inspire
confidence that all the possible consequences have been fully
thought-through. After all the pros and cons would also need to be
documented in PHP’s documentation and the RFC text would be a good
source for the documentation team.
Best regards
Tim Düsterhus
Apologies, I wanted to chime in before the vote started, but I was too
busy.
I appreciate that you took the time to respond at all, so thank you.
Persistent handles / resources / objects violate PHP’s shared-nothing
request model, which is one fundamental part of how PHP works from my
mental model. That's why I generally believe that persisting data across
requests is generally unsafe, especially when used with stateful
connections like a database connection. HTTP is generally stateless and
I generally trust curl to do the right thing, which makes this somewhat
safer, nevertheless the RFC would still be exposing a configurable (and
thus stateful) object to an unknown number of future requests.
I am a strong believer of PHP's shared-nothing request model as well!
That said, I think it's great that applications can opt-in to
persistence where it benefits them. For example, Etsy, a monolithic
PHP web application, makes heavy use of persistence with memcached
connections - our application performance would not be the same
without it. Our application also makes heavy use of "fan-out" by using
curl to issue parallel downstream requests to assemble and render a
page, and persistence here with the curl share interface would again
benefit the design.
For what it's worth, one thing I like about persistence in PHP is that
while it's not exactly shared-nothing, it is still only shared by a
single worker. This means that you don't have to think about locking,
etc. like you may have to with other languages, which is great!
I'm especially concerned, because the documentation for
curl_share_init()usesCURL_LOCK_DATA_COOKIEas the example. I would
also assume that sharing a cookie jar amongst several requests is the
primary use case for leveraging a curl share handle, given that curl
already performs in-request connection reuse when reusing a single
CurlHandle or when performing requests with a CurlMultiHandle.
I don't believe that sharing a cookie jar is the primary use case; it
certainly wouldn't be for us. Our primary use case is DNS and
connection sharing, for the aforementioned fanout.
Accidentally sharing a cookie jar for unrelated requests due to a badly
chosen$persistent_idsounds like a vulnerability to is bound to
happen to someone.
I'll admit that I don't have a good response to this, since while I
agree this is possible, I don't think it outweighs the benefit that
persistence gives to the applications that need it (again, we won't be
using the cookie jar). I see you've noted concerns about
documentation, would this be something you'd at least feel more
comfortable with if curl persistence documentation included a strong
warning?
Your RFC then lists "DNS lookups" as one of the possible things that
would be sped up. Caching DNS lookups is already a solved problem:
Install a caching resolver on your server. These commonly come with
features such as pre-fetching, ensuring that commonly-performed lookups
will stay cached at all times.
Interestingly, one of the reasons that I began this work was that we
found a measurable performance impact of talking to the caching
resolver on localhost, let alone the connection overhead. Essentially
nearly all of our requests will subsequently turn around and issue
multiple downstream requests, and each one to a separate host will
involve DNS lookups and establishing connections. When I looked into
mitigating this, I found the "share" interface, and here we are.
So I agree that a caching resolver can reduce the performance cost of
doing DNS lookups anew on each request, but as it does not completely
eliminate it, nor does it address the cost of connections, there's
still some performance gains left on the table.
As for sharing a TLS or HTTP connection,
this might or might not lead to vulnerabilities similarly to cookie
sharing, when TLS client certificates are used for authentication.
I believe curl itself handles this - it won't re-use a connection if
the settings aren't the same.
Lastly there does not appear to be a way to close a persistent share
handle either implicitly or explicitly, making it hard to reset the
share handle to a well-defined state / to know what state the share
handle is in.
I had originally asked this in the "open questions" of the RFC, but as
I received no response, I figured that we could address that at the
pull-request level; apologies if that was presumptuous. Máté Kocsis
asked this very question in the pull request and I expected to
re-raise it there. We do already have a curl_share_close method, so
the RFC would not need to add a new method, and since the method is
called curl_share_close, it's not really changing the meaning of the
method either.
Also badly chosen
$persistent_ids might result in a
large number of handles accumulating, without any kind of garbage
collection. For the existing persistent handles (e.g. for database
connections), the ID is chosen by PHP itself, ensuring a somewhat
predictable behavior.
I agree that this may be a risk, but it's not clear to me that this is
a risk that people would realistically run into, considering you'd
want to have a small number of persistent IDs in order to benefit from
re-using them. Dynamically picking your persistent IDs would lead to
less re-use.
All in all, this RFC sounds like a foot-gun just waiting to go off and
the RFC text is little more than a stub which does not inspire
confidence that all the possible consequences have been fully
thought-through.
I, of course, disagree that this is a "foot-gun just waiting to go
off". I would maybe agree if persistence was the default behavior, but
that is not what I am proposing - a developer must opt-in. From a
cursory GitHub search, curl_share_init is very rare, and not something
that developers are reaching for. Frankly, I see very little reason to
use it without persistence, considering that curl_multi_init does the
same thing, and is simpler to use.
Regarding the RFC text, I apologize for not filling it out more, but
it seemed straightforward to me: curl supports the share interface as
a primary feature, and there are no glaring warnings in the
documentation (https://curl.se/libcurl/c/libcurl-share.html)
indicating that you might hold the share interface incorrectly. As I
noted, I believe that TLS reuse is safe per the library itself. The
only thing new to PHP here is the persistence aspect, which I noted
would impact the SAPI by increasing memory usage "proportional to the
number of persistent curl share handles."
After all the pros and cons would also need to be
documented in PHP’s documentation and the RFC text would be a good
source for the documentation team.
My plan was to help add the documentation (and tests) after this
passed; it was unclear to me that documentation may need to be sorted
out up-front in the RFC process. That said, I believe I can summarize
the remaining cons from your email:
- A developer could reuse a cookie jar with cookies from user A in a
subsequent request from user B to origin Z if they opted in to
persistence, used CURL_LOCK_DATA_COOKIE, and used the same persistent
handle for both users. - A developer could balloon memory usage by using dynamic persistent
IDs, especially so if curl_share_close doesn't close them.
If I were to add notes about these both to the documentation, and
curl_share_close closed persistent share handles, would you change
your vote for this or a future RFC?
If not, and you're fundamentally opposed to persistent handles, I can
only urge you to reconsider based on the impact this would have on
applications that benefit from persistence. I'd like to share this one
piece of feedback from Matthieu Napoli
(https://github.com/php/php-src/pull/15603#issuecomment-2348583997):
[...] I think this could have HUGE benefits to applications out there.
Switching from PHP-FPM to a runtime like FrankenPHP, Laravel Octane (Roadrunner/Swoole), or similar, usually gives the following benefits:
- no longer need to boot the framework on every request (saves a significant amount of time)
- but also no longer need to open new HTTPS connections on every request
The second part is much less talked about, but very important in terms of performance. Opening an HTTPS request can sometimes take 100ms or more!
I believe such a feature could be a performance game changer for the PHP ecosystem, without having to rewrite apps so that they work in long-lived processes (assuming libraries like Guzzle, etc. take advantage of it ofc).
At Etsy and likely other organizations, it would be infeasible to
switch to these frameworks as the effort required would be herculean.
Persistence in PHP allows applications like ours to benefit from
avoiding duplicative work, while still maintaining the fundamentals of
the shared-nothing runtime we're familiar with.
Thanks again for your response,
Eric
Hi
Am 2024-10-25 16:29, schrieb Eric Norris:
I'm especially concerned, because the documentation for
curl_share_init()usesCURL_LOCK_DATA_COOKIEas the example. I
would
also assume that sharing a cookie jar amongst several requests is the
primary use case for leveraging a curl share handle, given that curl
already performs in-request connection reuse when reusing a single
CurlHandle or when performing requests with a CurlMultiHandle.I don't believe that sharing a cookie jar is the primary use case; it
certainly wouldn't be for us. Our primary use case is DNS and
connection sharing, for the aforementioned fanout.
FWIW, the curl documentation also lists cookie sharing as the first
thing when describing the "share interface":
https://curl.se/libcurl/c/libcurl-share.html.
Accidentally sharing a cookie jar for unrelated requests due to a
badly
chosen$persistent_idsounds like a vulnerability to is bound to
happen to someone.I'll admit that I don't have a good response to this, since while I
agree this is possible, I don't think it outweighs the benefit that
persistence gives to the applications that need it (again, we won't be
using the cookie jar). I see you've noted concerns about
documentation, would this be something you'd at least feel more
comfortable with if curl persistence documentation included a strong
warning?
Yes, I would be more comfortable if the documentation would ensure to
appropriately the possible issues with persisting the share handle
across multiple requests, possibly giving suggestions as to how a good
persistent ID could be constructed (e.g. by using a hash of the current
security context or something like that).
I would also be more comfortable, if persisting a share handle with
cookie jar sharing enabled would not be possible / would be ignored,
because that only leaves the TLS session sharing (see below) as a
possible safety issue.
Interestingly, one of the reasons that I began this work was that we
found a measurable performance impact of talking to the caching
resolver on localhost, let alone the connection overhead. Essentially
That honestly surprises me.
As for sharing a TLS or HTTP connection,
this might or might not lead to vulnerabilities similarly to cookie
sharing, when TLS client certificates are used for authentication.I believe curl itself handles this - it won't re-use a connection if
the settings aren't the same.
Okay, the curl documentation does not say anything about this in
https://curl.se/libcurl/c/CURLSHOPT_SHARE.html#CURLLOCKDATASSLSESSION.
re-raise it there. We do already have a curl_share_close method, so
the RFC would not need to add a new method, and since the method is
called curl_share_close, it's not really changing the meaning of the
method either.
That makes sense to me.
Also badly chosen
$persistent_ids might result in a
large number of handles accumulating, without any kind of garbage
collection. For the existing persistent handles (e.g. for database
connections), the ID is chosen by PHP itself, ensuring a somewhat
predictable behavior.I agree that this may be a risk, but it's not clear to me that this is
a risk that people would realistically run into, considering you'd
want to have a small number of persistent IDs in order to benefit from
re-using them. Dynamically picking your persistent IDs would lead to
less re-use.
I believe in misuse-resistant API design. Folks should be steered
towards doing the right thing by default. As an example: What if a
library internally choses to use persistent share handles for whatever
reason? Or an add-on you install in your CMS software? PHP for better or
worse is not just used for in-house software with an experienced
development team.
that developers are reaching for. Frankly, I see very little reason to
use it without persistence, considering that curl_multi_init does the
same thing, and is simpler to use.
Yes. And that probably explains why you are not seeing much use of it
until now. But if/when it gets “marketed” as the next-big-thing in
performance by tech bloggers that don't understand the possible caveats,
it will probably start to get used by folks that don't fully understand
it.
Regarding the RFC text, I apologize for not filling it out more, but
it seemed straightforward to me: curl supports the share interface as
a primary feature, and there are no glaring warnings in the
documentation (https://curl.se/libcurl/c/libcurl-share.html)
indicating that you might hold the share interface incorrectly. As I
The difference to me is that when using libcurl directly, you would
generally have a more explicit data flow and don't pull a curl share
handle in an unknown state out of thin air. See the library example
above.
After all the pros and cons would also need to be
documented in PHP’s documentation and the RFC text would be a good
source for the documentation team.My plan was to help add the documentation (and tests) after this
passed; it was unclear to me that documentation may need to be sorted
out up-front in the RFC process. That said, I believe I can summarize
The actual documentation is generally written during the RC phase, but
if the RFC author is no longer available when that happens, the
documentation team needs something to work with.
the remaining cons from your email:
- A developer could reuse a cookie jar with cookies from user A in a
subsequent request from user B to origin Z if they opted in to
persistence, used CURL_LOCK_DATA_COOKIE, and used the same persistent
handle for both users.
Yes.
- A developer could balloon memory usage by using dynamic persistent
IDs, especially so if curl_share_close doesn't close them.
Yes.
If I were to add notes about these both to the documentation, and
curl_share_close closed persistent share handles, would you change
your vote for this or a future RFC?
I'm not sure about whether I consider documentation alone to be
sufficient, but when share handles with cookie sharing enabled would not
be persisted (and removed from persistence when enabling the option
after the fact), then I would be fine with trusting libcurl to do the
right thing. Ideally this could be confirmed with some reference to the
libcurl source code or getting upstream confirmation that this is safe
to do.
Best regards
Tim Düsterhus
Accidentally sharing a cookie jar for unrelated requests due to a
badly
chosen$persistent_idsounds like a vulnerability to is bound to
happen to someone.I'll admit that I don't have a good response to this, since while I
agree this is possible, I don't think it outweighs the benefit that
persistence gives to the applications that need it (again, we won't be
using the cookie jar). I see you've noted concerns about
documentation, would this be something you'd at least feel more
comfortable with if curl persistence documentation included a strong
warning?Yes, I would be more comfortable if the documentation would ensure to
appropriately the possible issues with persisting the share handle
across multiple requests, possibly giving suggestions as to how a good
persistent ID could be constructed (e.g. by using a hash of the current
security context or something like that).I would also be more comfortable, if persisting a share handle with
cookie jar sharing enabled would not be possible / would be ignored,
because that only leaves the TLS session sharing (see below) as a
possible safety issue.
I think it's interesting to note that within a request, users are
still vulnerable to accidentally over-sharing cookies. It's unclear to
me why we would draw the line at persistence, considering it would be
opt-in. That is, even if you're not using persistence, you must not
accidentally share cookies within a request (say, if you were issuing
batch requests for multiple users at once); if you're using
persistence, you must also not accidentally share cookies between
persistent handles.
My concern is that this feels a little arbitrary, and it may in fact
be useful for users to share cookies between requests, so removing the
functionality when persistence is enabled might be a mistake. That
said, if this RFC vote fails and the only way to get a "yes" vote was
to remove shared cookie functionality, I would do that.
As for sharing a TLS or HTTP connection,
this might or might not lead to vulnerabilities similarly to cookie
sharing, when TLS client certificates are used for authentication.I believe curl itself handles this - it won't re-use a connection if
the settings aren't the same.Okay, the curl documentation does not say anything about this in
https://curl.se/libcurl/c/CURLSHOPT_SHARE.html#CURLLOCKDATASSLSESSION.
Here's a pull request indicating that the curl team considers TLS
reuse safe: https://github.com/curl/curl/pull/1917. I believe they
consider it a vulnerability if you are able to make curl incorrectly
reuse a TLS session with differing TLS settings.
Also badly chosen
$persistent_ids might result in a
large number of handles accumulating, without any kind of garbage
collection. For the existing persistent handles (e.g. for database
connections), the ID is chosen by PHP itself, ensuring a somewhat
predictable behavior.I agree that this may be a risk, but it's not clear to me that this is
a risk that people would realistically run into, considering you'd
want to have a small number of persistent IDs in order to benefit from
re-using them. Dynamically picking your persistent IDs would lead to
less re-use.I believe in misuse-resistant API design. Folks should be steered
towards doing the right thing by default. As an example: What if a
library internally choses to use persistent share handles for whatever
reason? Or an add-on you install in your CMS software? PHP for better or
worse is not just used for in-house software with an experienced
development team.
I am also a big fan of misuse-resistant design - I am on the Security
team at Etsy - but I'm struggling with the hypothetical here.
Persistence is not enabled by default, so developers would have to
opt-in. If a library internally chooses to use persistent share
handles, the author of the library should be responsible for designing
a misuse-resistant library. The same goes for an add-on in custom CMS
software.
In a sense, I could think of this as something akin to the "subtle"
cryptography library pattern you'll find elsewhere. For example, take
https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto.
Cryptography library authors use the subtle API to implement
misuse-resistant abstractions on top of these primitives; if you find
yourself using the primitive, you are at risk of misusing it.
The risk here is much lower than dealing with subtle cryptography
APIs, as there are two clear misuse patterns: allocating too many
persistent handles without closing them, and reusing a persistent
handle with a cookie jar for multiple user-associated requests.
That said, as I mentioned above I would be fine with removing cookie
jar persistence if that was necessary to secure a passing vote, since
it's not our primary focus.
Regarding the RFC text, I apologize for not filling it out more, but
it seemed straightforward to me: curl supports the share interface as
a primary feature, and there are no glaring warnings in the
documentation (https://curl.se/libcurl/c/libcurl-share.html)
indicating that you might hold the share interface incorrectly. As IThe difference to me is that when using libcurl directly, you would
generally have a more explicit data flow and don't pull a curl share
handle in an unknown state out of thin air. See the library example
above.
In the same vein as the "subtle" talk above, I'd point out that a
library developer could set CURLOPT_SSL_VERIFYPEER to false "because
it's faster". They shouldn't, because a library should have the right
security settings for a user. I would expect that the library would
not use the cookie jar functionality unless they exposed a way to
select the correct security context.
If I were to add notes about these both to the documentation, and
curl_share_close closed persistent share handles, would you change
your vote for this or a future RFC?I'm not sure about whether I consider documentation alone to be
sufficient, but when share handles with cookie sharing enabled would not
be persisted (and removed from persistence when enabling the option
after the fact), then I would be fine with trusting libcurl to do the
right thing. Ideally this could be confirmed with some reference to the
libcurl source code or getting upstream confirmation that this is safe
to do.
Understood. I appreciate that even if I don't convince you of the
acceptability of the proposed API as-is, you have provided me with
enough information to try again if this RFC fails to pass. Thank you!
Eric
Hi
Am 2024-10-28 16:31, schrieb Eric Norris:
I think it's interesting to note that within a request, users are
still vulnerable to accidentally over-sharing cookies. It's unclear to
Yes.
me why we would draw the line at persistence, considering it would be
opt-in. That is, even if you're not using persistence, you must not
accidentally share cookies within a request (say, if you were issuing
batch requests for multiple users at once); if you're using
persistence, you must also not accidentally share cookies between
persistent handles.My concern is that this feels a little arbitrary, and it may in fact
be useful for users to share cookies between requests, so removing the
functionality when persistence is enabled might be a mistake. That
said, if this RFC vote fails and the only way to get a "yes" vote was
to remove shared cookie functionality, I would do that.
The differences between using a CurlShareHandle in a single request and
using it across multiple requests are:
- For a majority of applications, the security boundary (e.g. the
currently logged-in user) does not change within a single request,
making it less likely to actually be an issue. - Unless using globals or static variables - which are generally
considered a bad practice in newly written PHP code -, you generally
would have a fairly explicit data flow using local variables, parameters
and return values for a single CurlShareHandle, making it hard to
accidentally reuse a CurlShareHandle where not intended. The
persistence across requests is effectively pulling a handle in an
unknown from a global array, in other words: Spooky action from a
distance.
Here's a pull request indicating that the curl team considers TLS
reuse safe: https://github.com/curl/curl/pull/1917. I believe they
consider it a vulnerability if you are able to make curl incorrectly
reuse a TLS session with differing TLS settings.
Thank you. That would be useful to include in the “References” section
of the RFC. Changing that one even during the vote seems legal to me,
because it does not change the actual proposal.
I am also a big fan of misuse-resistant design - I am on the Security
team at Etsy - but I'm struggling with the hypothetical here.
Persistence is not enabled by default, so developers would have to
opt-in. If a library internally chooses to use persistent share
handles, the author of the library should be responsible for designing
a misuse-resistant library. The same goes for an add-on in custom CMS
software.
Designing a misuse-resistant API around globally shared mutable state is
very hard. I believe needs to happen on the lowest level, because a
single high-level library can't have a full picture of the situation.
libcurl making it impossible to hold incorrectly - with the Exception of
Cookies - is a good thing here.
That said, as I mentioned above I would be fine with removing cookie
jar persistence if that was necessary to secure a passing vote, since
it's not our primary focus.
Given the information regarding the TLS re-use, the cookie sharing is my
only remaining concern. In fact with cookie sharing disabled it might
not even be necessary for the user to choose an ID: Given that libcurl
does the heavy lifting, as a user I should only need a single share
handle and let libcurl figure out the details, no? A boolean “share
connections across requests” when initializing a CurlHandle should
probably sufficient.
In the same vein as the "subtle" talk above, I'd point out that a
library developer could setCURLOPT_SSL_VERIFYPEERto false "because
it's faster". They shouldn't, because a library should have the right
security settings for a user. I would expect that the library would
not use the cookie jar functionality unless they exposed a way to
select the correct security context.
See above: Globally shared mutable state is much different than changing
a setting in a localized fashion. The former is very hard to statically
analyze for safety, the latter can easily be audited with a grep
(leaving aside users intentionally obfuscating the constant's value).
Best regards
Tim Düsterhus
Here's a pull request indicating that the curl team considers TLS
reuse safe: https://github.com/curl/curl/pull/1917. I believe they
consider it a vulnerability if you are able to make curl incorrectly
reuse a TLS session with differing TLS settings.Thank you. That would be useful to include in the “References” section
of the RFC. Changing that one even during the vote seems legal to me,
because it does not change the actual proposal.
I've added a reference and a 'Safety' subheading to explicitly call
out your concern with CURL_LOCK_DATA_COOKIE, and to note that
CURL_LOCK_DATA_CONNECT is safe per that pull request. As you noted, I
have not changed the actual proposal, so I hope that this is okay.
Thanks,
Eric
That said, as I mentioned above I would be fine with removing cookie
jar persistence if that was necessary to secure a passing vote, since
it's not our primary focus.Given the information regarding the TLS re-use, the cookie sharing is my
only remaining concern. In fact with cookie sharing disabled it might
not even be necessary for the user to choose an ID: Given that libcurl
does the heavy lifting, as a user I should only need a single share
handle and let libcurl figure out the details, no? A boolean “share
connections across requests” when initializing a CurlHandle should
probably sufficient.
I realized I completely forgot to respond to this point. I had
actually considered this when you first mentioned that you did not
like choosable persistent IDs, but I think we'd need to consider how
this would interact with CURLOPT_MAXCONNECTS. A single shared handle
would mean a user couldn't create separate connection pools, and so it
may cause churn if the pool size wasn't large enough.
I don't think that's an insurmountable problem, however. I will raise
that as a part of a v2 discussion attempt if this fails to pass.
That said, as I mentioned above I would be fine with removing cookie
jar persistence if that was necessary to secure a passing vote, since
it's not our primary focus.Given the information regarding the TLS re-use, the cookie sharing is my
only remaining concern. In fact with cookie sharing disabled it might
not even be necessary for the user to choose an ID: Given that libcurl
does the heavy lifting, as a user I should only need a single share
handle and let libcurl figure out the details, no? A boolean “share
connections across requests” when initializing a CurlHandle should
probably sufficient.I realized I completely forgot to respond to this point. I had
actually considered this when you first mentioned that you did not
like choosable persistent IDs, but I think we'd need to consider how
this would interact with CURLOPT_MAXCONNECTS. A single shared handle
would mean a user couldn't create separate connection pools, and so it
may cause churn if the pool size wasn't large enough.
I don't think that's an insurmountable problem, however. I will raise
that as a part of a v2 discussion attempt if this fails to pass.
I'm also a bit late to this, but I'm not convinced on the design myself
either though from a different direction. To me, persisting connections
should be a deployment decision not a development decision; in order to use
these new persistent connections I have to change my code to opt into it,
or I have to wait for the libraries I'm using to do so. In reality, It'd be
much better if PHP could enable or disable persistent connections globally,
pools can then be tuned in php.ini per environment. If you were excluding
cookies from the store (a good choice as cookies are better handled at user
land) and curl already handles SSL related differences, this behaviour can
and should be transparent to the calling code - reusing or creating a new
connection shouldn't have any impact on how the request/response is
processed other than the speed at which things happen.
~C
Hello internals,
I have opened the vote for "Add persistent curl share handles":
https://wiki.php.net/rfc/curl_share_persistenceThe vote will last for two weeks, until 2024-11-08 0:00 UTC.
Thanks!
I've closed the vote on this RFC. The final result was 16 'yes' votes
and 8 'no' votes, and thus the RFC was accepted.
I'll update the GitHub pull request
(https://github.com/php/php-src/pull/15603) and work with interested
parties to get this merged in the following weeks. I appreciate the
feedback I have received so far, and I'm open to any additional
feedback here or in the pull request.
Thank you,
Eric