curl-library

Re: SV: 1. FTP cmd channel and data channel validation, 2. Cert chain for data channel

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 15 Sep 2010 22:42:10 +0200 (CEST)

On Wed, 15 Sep 2010, Mehmet Bozkurt wrote:

>> You up to work on this?
>
> Sure =)!

Great!

> But I'm new to submitting code to open source projects. Should I make a
> solution proposal and send it to you as a patch or do we first decide,
> jointly, on how to solve the problem?

Whatever works best for you. If you want to try the concept on us first, then
do that, but if you prefer to write up the code and try out an implementation
on your end first and then show us that, it certainly works as well.

>> The current implementation doesn't really allow this but it should be
>> fairly easy to just allow it to keep two instances around...
>
> A patch might be in place here as well? Adding a callback somewhere after
> ssl_connect, to allow a client to verify the certs etc, for all SSL
> connections. However, I need to read up some more on OpenSSL to fully
> understand what is going on.

One tricky part with SSL stuff in the libcurl code is that we want to allow as
much functionality as possible that isn't bound to any particular SSL library,
as we have many users using GnuTLS or NSS (and more!) as alternatives to
OpenSSL. (Although CERTINFO is the black sheep in this company as it only
works with OpenSSL...)

-- 
  / daniel.haxx.se
Received on 2010-09-15