curl-library

Re: ssl callback

From: Peter Sylvester <Peter.Sylvester_at_EdelWeb.fr>
Date: Tue, 20 May 2003 15:52:04 +0200 (MET DST)

Hi,

The initial reason for the request is that I have a key, a user cert and
a trustbase available as a PKCS12 file. Adding a callback at SSL creation
is a real hammer and may not be the most elegant way since it adds
more dependency towards OpenSSL.

An option could be to allow keys also coming from "memory" in whatever way.

> >
> > I want to modify the relative part of the url in action, i.e., I initially
> > use
> >
> > https://myhost
> >
> > and in the server cert I have an extension that tells me
> >
> > https://myhost/this/service
>
> I'm sorry, I don't understand. Why do you set one URL first and then you want
> to change it before the first was ever used? Why not just set the full one at
> once?

The first is actually not a URL but only a host. I don't have the exact URL
at the moment when the connection is established. The usage of this in
our project is not a real problem but one other usage would be in
a "sacred" environment where you have a PKCS11 module and the
user types "host:login" to connect to an authentication server to download
his credentials.

>
> > the url send an http host can be the full URL. I tried to set the ppath
> > unconditionally, the code works.
>
> No. The path used in a GET line to a typical HTTP server shall not be the full
> URL, only the path part. Only proxies get the full URL in there. Your test
> server might not complain, but we cannot do that serious violation against
> the RFC. Others will not appreciate that.

HTTP 1.1 servers MUST accept the absoluteURI. See page 37 of RFC 2616.

I can add some logic that tests whether after the
conn->ppath calculation the url had been changed or whether
the version string is 1.1.

The suggested solution is to just avoid a recalculation of
conn->ppath whenever one sets a URL.

regards

Received on 2003-05-20
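
The two Request-URI forms debated in this mail, seen from the receiving server, as an added example that is not part of the original mail or of curl's code. It follows RFC 2616 sections 5.1.2 and 5.2: the authority of an absoluteURI takes precedence and the Host header is ignored. The function name `resolve_target` and the sample values are assumptions, and the parsing is simplified (case-sensitive scheme match, authority ends at the first `/`).

```c
#include <stdio.h>
#include <string.h>

/* Added example: resolve the effective host and path of an HTTP/1.1
 * Request-URI as RFC 2616 section 5.2 describes. Returns 0 on success,
 * -1 on a malformed or oversized target. Handles http/https only. */
int resolve_target(const char *target, const char *host_hdr,
                   char *host, size_t hcap, char *path, size_t pcap)
{
    const char *p = NULL;
    if (strncmp(target, "http://", 7) == 0)
        p = target + 7;
    else if (strncmp(target, "https://", 8) == 0)
        p = target + 8;

    if (p) {                               /* absoluteURI form */
        size_t hlen = strcspn(p, "/");     /* authority ends at first '/' */
        if (hlen == 0 || hlen >= hcap)
            return -1;
        memcpy(host, p, hlen);
        host[hlen] = '\0';                 /* Host header is ignored here */
        p += hlen;
        if (*p == '\0')
            p = "/";                       /* empty path means "/" */
    } else if (target[0] == '/') {         /* abs_path form */
        if (!host_hdr || !*host_hdr || strlen(host_hdr) >= hcap)
            return -1;                     /* 1.1 requires a Host header */
        strcpy(host, host_hdr);
        p = target;
    } else {
        return -1;                         /* neither form: reject */
    }
    if (strlen(p) >= pcap)
        return -1;
    strcpy(path, p);
    return 0;
}

int main(void)
{
    char h[64], p[128];
    /* constructed sample targets using the host and path from the mail */
    const char *t[] = { "/this/service", "https://myhost/this/service", "https://myhost" };
    for (int i = 0; i < 3; i++)
        if (resolve_target(t[i], "otherhost", h, sizeof h, p, sizeof p) == 0)
            printf("%-30s -> host=%s path=%s\n", t[i], h, p);
    return 0;
}
```

A server that routes or authorizes on the Host header alone, without this precedence rule, can disagree with a front-end proxy about which virtual host an absolute-form request addresses.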