[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 91/150: TODO: "Support in-memory certs/ca certs/key
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 91/150: TODO: "Support in-memory certs/ca certs/keys" |
Date: |
Fri, 30 Mar 2018 16:49:05 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit a3e52a7b2d81f1533adb23e69daf8db299ab2568
Author: Daniel Stenberg <address@hidden>
AuthorDate: Sun Feb 18 22:45:17 2018 +0100
TODO: "Support in-memory certs/ca certs/keys"
removed SSLKEYLOGFILE support (fixed)
removed "consider SSL patches" (outdated)
Closes #2310
---
docs/TODO | 22 +++++++---------------
1 file changed, 7 insertions(+), 15 deletions(-)
diff --git a/docs/TODO b/docs/TODO
index f7b5101d3..72834c9d1 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -106,13 +106,12 @@
13. SSL
13.1 Disable specific versions
13.2 Provide mutex locking API
- 13.3 Evaluate SSL patches
+ 13.3 Support in-memory certs/ca certs/keys
13.4 Cache/share OpenSSL contexts
13.5 Export session ids
13.6 Provide callback for cert verification
13.7 improve configure --with-ssl
13.8 Support DANE
- 13.10 Support SSLKEYLOGFILE
13.11 Support intermediate & root pinning for PINNEDPUBLICKEY
13.12 Support HSTS
13.13 Support HPKP
@@ -715,10 +714,13 @@ that doesn't exist on the server, just like
--ftp-create-dirs.
library, so that the same application code can use mutex-locking
independently of OpenSSL or GnutTLS being used.
-13.3 Evaluate SSL patches
+13.3 Support in-memory certs/ca certs/keys
- Evaluate/apply Gertjan van Wingerde's SSL patches:
- https://curl.haxx.se/mail/lib-2004-03/0087.html
+ You can specify the private and public keys for SSH/SSL as file paths. Some
+ programs want to avoid using files and instead just pass them as in-memory
+ data blobs. There's probably a challenge to make this work across the
+ plethory of different TLS and SSH backends that curl suppports.
+ https://github.com/curl/curl/issues/2310
13.4 Cache/share OpenSSL contexts
@@ -770,16 +772,6 @@ that doesn't exist on the server, just like
--ftp-create-dirs.
Björn Stenberg wrote a separate initial take on DANE that was never
completed.
-13.10 Support SSLKEYLOGFILE
-
- When used, Firefox and Chrome dumps their master TLS keys to the file name
- this environment variable specifies. This allows tools like for example
- Wireshark to capture and decipher TLS traffic to/from those clients. libcurl
- could be made to support this more widely (presumably this already works when
- built with NSS). Peter Wu made a OpenSSL preload to make possible that can be
- used as inspiration and guidance
- https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/sslkeylog.c
-
13.11 Support intermediate & root pinning for PINNEDPUBLICKEY
CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 124/150: WolfSSL: adding TLSv1.3, (continued)
- [GNUnet-SVN] [gnurl] 124/150: WolfSSL: adding TLSv1.3, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 137/150: FTP: reject path components with control codes, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 101/150: url: Add option CURLOPT_RESOLVER_START_FUNCTION, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 131/150: Curl_range: fix FTP-only and FILE-only builds, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 125/150: THANKS + mailmap: remove duplicates, fixup full names, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 34/150: file: Check the return code from Curl_range and bail out on error, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 48/150: build-openssl.bat: Extend VC15 support to include Enterprise and Professional, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 63/150: sha256: avoid redefine, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 79/150: non-ascii: fix implicit declaration warning, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 84/150: CURLOPT_HEADERFUNCTION.3: mention folded headers, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 91/150: TODO: "Support in-memory certs/ca certs/keys",
gnunet <=
- [GNUnet-SVN] [gnurl] 107/150: winbuild: Use macros for the names of some build utilities, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 93/150: examples/sftpuploadresume: resume upload via CURLOPT_APPEND, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 97/150: url: Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 87/150: test1154: verify that long HTTP headers get rejected, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 99/150: sasl: prefer PLAIN mechanism over LOGIN, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 123/150: RELEASE-NOTES/THANKS: synced with cc1d4c505, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 88/150: header callback: don't chop headers into smaller pieces, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 113/150: travis: update compiler versions, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 118/150: NO_PROXY: fix for IPv6 numericals in the URL, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 132/150: SECURITY.md: call it the security process, gnunet, 2018/03/30