cURL / Mailing Lists / curl-library / Single Mail

curl-library

SV: SV: 2. Cert chain for data channel

From: Mehmet Bozkurt <mehmet.bozkurt_at_xware.se>
Date: Fri, 1 Oct 2010 08:52:50 +0200

>
> > I have added a new callback type (this is for LibCurl built with
> OpenSSL
> > only) after SSL_connect in ossl_connect_step2, ssluse.c. Here, the
> > application gets a chance to inspect/modify etc. the OpenSSL SSL
> object used
> > in the connection. We have our own cert verification functionality
> which I
> > call from here.
>
> And you really need your own cert verification? Is there any way you
> can think
> of to do this that doesn't expose any TLS-library specific details?
>
> I really want to avoid adding functionality that MUST have a particular
> SSL
> library. The current situation is bad enough already! ;-/
>
> --

Yes we need to do our own cert verification but I understand the situation
and your reluctance to
further add library specific code. At the moment this is the most convenient
way for us to solve this.
But if the demand for this specific functionality is not very high, and only
me asking for it at the moment,
don't add it and I'll maintain my own libcurl version for now.

Thanks anyway!

/Mehmet.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2010-10-01