znc-push

Use CURL in non-blocking mode

Open md-5 opened this issue 10 years ago • 5 comments

Note: You are strongly encouraged to use libcurl transport. The reason for that is, that the default CSocket transport doesn't verify server's SSL certificate which leaves you vulnerable to MITM attacks. However, use of libcurl will block the main ZNC thread at every push notification; for installations with many users, libcurl is not yet ideal, even with the above security concerns in mind.

This would fix the caveat and allow it to become usable for everyone.

md-5 • Jan 17 '15 06:01

CSocket transport doesn't verify server's SSL certificate which leaves you vulnerable to MITM attacks.

Is there an issue about this at CSocket?

Mikaela • Jan 17 '15 07:01

CSocket transport doesn't verify server's SSL certificate which leaves you vulnerable to MITM attacks.

That was actually added recently, not sure if it was added to ZNC or CSocket directly though

md-5 • Jan 17 '15 23:01

The related commits that I can find are https://github.com/jimloco/Csocket/commit/78a81945b7638b3df74d3a7ebeee0288331b2d73 and https://github.com/jimloco/Csocket/commit/1b96a7b1c0a7481ee353a1aed570dd7e4fbf3fca but I am not sure how to read them.

Mikaela • Jan 18 '15 07:01

The problem with using the non-blocking curl API is that it requires a mechanism for dealing with async within the context of ZNC plugin execution, which afaik is not possible, or at least not simple, due to everything running on the main ZNC thread. And considering the small amount of time I have for working on this project, I would greatly prefer to spend it improving the python branch instead.

However, if you or someone else would be interested in implementing these improvements, I would be more than happy to review a pull request. :)

amyreese • Jan 26 '15 18:01

async python in ZNC doesn't fly at all. As soon as ZNC leaves the event execution context it freezes all python threads.

md-5 • Jan 26 '15 22:01
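
The two requirements discussed in this thread, certificate verification and no blocking on a single-threaded event loop, can be met together by a step-driven TLS client that needs no threads. The following is an added example, not code from znc-push, ZNC or libcurl; it generalizes the idea using Python's standard `ssl` module, and `PushRequest`, its state names and the host name used with it are hypothetical. It assumes the host event loop owns the non-blocking socket and passes bytes in and out of `step()`.

```python
import ssl

class PushRequest:
    """Sans-I/O TLS client: the host loop owns the socket and calls step()."""

    def __init__(self, host, request_bytes):
        # create_default_context() enables CERT_REQUIRED and hostname checking.
        self.ctx = ssl.create_default_context()
        self.incoming = ssl.MemoryBIO()   # ciphertext received from the server
        self.outgoing = ssl.MemoryBIO()   # ciphertext waiting to be sent
        self.tls = self.ctx.wrap_bio(self.incoming, self.outgoing,
                                     server_hostname=host)
        self.pending = request_bytes      # plaintext HTTP request to send
        self.response = b""
        self.state = "handshaking"
        self.error = None

    def step(self, received=b""):
        """Advance as far as possible without waiting; return bytes to send."""
        if self.state in ("done", "failed"):
            return b""
        if received:
            self.incoming.write(received)
        try:
            if self.state == "handshaking":
                self.tls.do_handshake()   # verifies the chain and the hostname
                self.state = "sending"
            if self.state == "sending":
                self.tls.write(self.pending)
                self.state = "reading"
            if self.state == "reading":
                while True:
                    chunk = self.tls.read(4096)
                    if not chunk:         # server sent close_notify
                        self.state = "done"
                        break
                    self.response += chunk
        except ssl.SSLWantReadError:
            pass                          # needs more bytes; return to the loop
        except ssl.SSLZeroReturnError:
            self.state = "done"
        except ssl.SSLError as exc:       # includes certificate failures
            self.state, self.error = "failed", exc
        return self.outgoing.read()
```

The caller writes the returned bytes to its non-blocking socket and calls `step()` again whenever the socket becomes readable; a certificate or hostname mismatch ends the request in the `failed` state with the reason in `error`.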