curl-library

RE: 2 SSL related patches for libcurl (fwd)

From: David Byron <DByron_at_everdreamcorp.com>
Date: Fri, 5 Mar 2004 09:48:08 -0800

On Fri, 5 Mar 2004, Daniel Stenberg wrote:

> These patches are growing old, but I am interested in
> opinions about them.

I probably won't take advantage of these features, just because I don't know
enough. I'd be more likely to try them out if they were part of curl.exe
too (at least the verify depth feature), but even so I'm not sure I'd use
them.

While looking at these, I found something I don't understand in ssluse.c.
I'm hoping someone can explain it for me. My big picture question is, does
cert_verify_callback have to do anything except return the ok argument? If
it just returned ok, would we still be verifying the certificate?

The reason for asking is the 256 byte buffer that's allocated on the stack
in cert_verify_callback. I seem to have developed a strong reflex for
trying to get relatively big variables like this off the stack... probably
not a problem, but I've been bitten in the past.

As well, how come 256 bytes? Maybe someone who knows OpenSSL better than me
thinks the answer is obvious, but I could use a comment explaining it.

Thanks for your help.

-DB
Received on 2004-03-05