curl-library

Re: Patch for TLS-SRP support (using GnuTLS)

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 10 Jan 2011 14:18:31 +0100 (CET)

On Mon, 27 Dec 2010, Quinn Slack wrote:

> Got it. Will work on this.

I have the date January 20th marked as feature freeze date for the next
release, so we should try to get your patch in before then.

Do you have any more recent updates?

>> Cool! But since stunnel is OpenSSL-based, won't this require that we build
>> stunnel with an OpenSSL with the SRP patch applied?
>
> Yes, didn't think about this. What do you recommend the tests work against?
> The only server implementations of TLS-SRP that don't require patching are
> Apache/mod_gnutls and TLS Lite (a Python lib), unless I'm missing any.
> Apache/mod_gnutls is too heavy to use for testing. Given the lack of better
> options, is it OK to add a dependency of Python and TLS Lite for the TLS-SRP
> tests?

As I believe having tests is better than not having tests, I think taking some
new requirements for that can be worth it. Possibly we can then work on a
future change that reduces the requirements. We should also just make sure that
if the requirements aren't met, the particular tests should just be skipped
and not cause any other havoc.

> (I've talked to some people about the OpenSSL TLS-SRP patch. It has been
> maintained and works against recent OpenSSL releases, but it's still unclear
> when it will be accepted.)

Ok cool, then at least we should do things so that we don't make it hard
for us when/if OpenSSL introduces SRP in the future.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2011-01-10