curl-library
Re: libcurl and DANE support
Date: Thu, 7 Mar 2013 23:03:29 +0100 (CET)

On Thu, 7 Mar 2013, Suresh Krishnaswamy wrote:

> Attached is a patch that adds DANE support to libcurl (tested on 7.29.0).

Awesome! Many thanks for this. This is a feature I've really been wanting to
see added so I'm really glad to see this patch and the fact that it could be
done in such a small patch. This said, this patch needs more work before we
can merge it:

A. The configure.ac check should check for the required libs properly using
   correct autoconf mechanisms. What's the reason you need to specify
   -lsres and -lpthread when you're "only" using the val-threads lib? For
   static linking?

B. I would like a more generic placement of the DANE checks so that we can do
   it independently of what SSL backend we build libcurl to use.
   Is there anything speaking against it being functional when not using
   OpenSSL?

C. I think we need options to control whether DANE should be checked at all,
   and possibly we should allow users to force DANE checks to be used (and
   fail if they fail).

D. val_getdaneinfo() seems like a blocking function call. Since it involves
   DNS and what not, that could potentially take a very long time. Are there
   any non-blocking alternative APIs or what can we do to avoid long blocks?
   Is there documentation somewhere for the lib?

E. I can't download dnsval. I tried it from
   http://www.dnssec-tools.org/download/dnsval-2.0.tar.gz but I get a 403
   "Forbidden". (and I didn't find any Debian package for it as a backup
   solution)

F. There are some minor code style violations.

-- 
 / daniel.haxx.se

List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-03-07