curl-library

Re: Patch for TLS-SRP support (using GnuTLS)

From: Quinn Slack <sqs_at_cs.stanford.edu>
Date: Mon, 27 Dec 2010 17:45:52 +0800

On Dec 27, 2010, at 5:23 AM, Daniel Stenberg wrote:

> I think it will make sense to still get some #define set internally in libcurl when TLSAUTH support is found and used, so that we can make curl_easy_setopt() return failure for the cases where an app would try to set the TLSAUTH options without there being underlying support for them.

Got it. Will work on this.

>> I'll also work on some tests (will have to figure out how to get stunnel working with TLS-SRP).
>
> Cool! But since stunnel is OpenSSL-based, won't this require that we build stunnel with an OpenSSL with the SRP patch applied?

Yes, didn't think about this. What do you recommend the tests work against? The only server implementations of TLS-SRP that don't require patching are Apache/mod_gnutls and TLS Lite (a Python lib), unless I'm missing any. Apache/mod_gnutls is too heavy to use for testing. Given the lack of better options, is it OK to add a dependency of Python and TLS Lite for the TLS-SRP tests?

(I've talked to some people about the OpenSSL TLS-SRP patch. It has been maintained and works against recent OpenSSL releases, but it's still unclear when it will be accepted.)

-Quinn
Received on 2010-12-27