cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Support for openssl trusted_first flag

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 28 May 2015 11:28:06 +0200 (CEST)

On Tue, 26 May 2015, Ryan Schmidt wrote:

> Some time ago the idea was brought up to use openssl's new -trusted_first /
> X509_V_FLAG_TRUSTED_FIRST mode; a patch was provided:
>
> http://curl.haxx.se/mail/lib-2011-12/0223.html

I basically only have one question on this: how would a user know when to use
and not use --trusted_first ?

Isn't this one of those options that just should be enabled if available?
What's the downside with that? Or possibly we can have it enabled by default
and allow the user to switch it off in case of trouble?

PS, an alternative patch can be found here and this version has better
error-checking of the OpenSSL calls used:

http://kriscience.blogspot.se/2013/03/supporting-trusted-but-untrusted.html

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2015-05-28

This message: [ Message body ]
Next message: Lucas Pardue: "RE: HTTP/2 server push, callback?"
Previous message: Daniel Stenberg: "RE: Adding CURL handles to running CURLM"
In reply to: Ryan Schmidt: "Support for openssl trusted_first flag"
Next in thread: Ray Satiro via curl-library: "Re: Support for openssl trusted_first flag"
Reply: Ray Satiro via curl-library: "Re: Support for openssl trusted_first flag"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]