cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: New SSL backend GSKit, certinfo for everyone, etc.

From: David Strauss <david_at_davidstrauss.net>
Date: Fri, 12 Jul 2013 11:22:04 -0700

For the sake of Fedora/Red Hat users like me whose libcurl is
NSS-linked, +1 on making certinfo more abstract.

On Fri, Jul 12, 2013 at 8:33 AM, Patrick Monnerat
<Patrick.Monnerat_at_datasphere.ch> wrote:
>
> Please find a big patch in attachment:
>
> It implements a new SSL backend: GSKit. It runs on OS400, but IBM
> supports it on other platforms too.
>
> Aside of it, this patch also prepares support of CURLINFO_CERTINFO for
> every SSL backend able to provide peer certificate and/or chain in DER
> format. This has been done by some code factorisation:
>
> - init_certinfo(), push_certinfo*() have been moved to sslgen.c
> - a new module x509asn1.c implements very lightweight ASN.1 and X509
> parsers, with functions to generate the certinfo from DER certificates.
> These are now already used (in the patch) by the QsoSSL and GSKit SSL
> backends, and may be easily called from other backends not implementing
> certinfo yet.
>
> The only info fields left TODO are the X509 V3 extensions.
>
> The internal function Curl_slist_append_nodup() has been implemented and
> used wherever needed.
>
>
> OS400 users will now have the ability to get CURLINFO_* slists in
> EBCDIC, including certinfo.
>
> The advantages of GSKit over QsoSSL are:
> - Not limited to a single SSL keyring per job: each connection may have
> its own SSL environment.
> - Reentrant.
> - Asynchronous handshake.
> - Cipher control.
> - SNI support (on OS400 version >= 7.1).
> - QsoSSL is obsolescent.
>
> Your comments are welcome. If nobody objects, I'll commit it in a few
> days.
>
> Good week-end to all of you,
> Patrick
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html

-- 
David Strauss
   | david_at_davidstrauss.net
   | +1 512 577 5827 [mobile]
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2013-07-12