added Cris Bailiff's CAdir option suggestion

author: Daniel Stenberg <daniel@haxx.se> 2002-02-07 10:43:43 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2002-02-07 10:43:43 +0000
commit: 5cffe055ad96a76a4f06d01055c42308290bcdff (patch)
tree: 0de5ca52096c89bfbb3335f7e242efcca836dca5 /docs/TODO
parent: 3d4511daf3cc54c487af7167cf0f574d50654c9a (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/TODO b/docs/TODO
index e308a02e4..367c46a03 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -127,6 +127,14 @@ TODO
 
  SSL
 
+ * If you really want to improve the SSL situation, you should probably have a
+   look at SSL cafile loading as well - quick traces look to me like these are
+   done on every request as well, when they should only be necessary once per
+   ssl context (or once per handle). Even better would be to support the SSL
+   CAdir option - instead of loading all of the root CA certs for every
+   request, this option allows you to only read the CA chain that is actually
+   required (into the cache)...
+
  * Add an interface to libcurl that enables "session IDs" to get
    exported/imported. Cris Bailiff said: "OpenSSL has functions which can
    serialise the current SSL state to a buffer of your choice, and
author	Daniel Stenberg <daniel@haxx.se>	2002-02-07 10:43:43 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2002-02-07 10:43:43 +0000
commit	5cffe055ad96a76a4f06d01055c42308290bcdff (patch)
tree	0de5ca52096c89bfbb3335f7e242efcca836dca5 /docs/TODO
parent	3d4511daf3cc54c487af7167cf0f574d50654c9a (diff)