curl-library

Re: [PATCH] Pinned public key hash support

From: moparisthebest <admin_at_moparisthebest.com>
Date: Wed, 01 Jul 2015 10:44:49 -0400

Hello all,

Attached is the (hopefully) final patch implementing pinned public key
hash support.

On 06/29/2015 10:14 AM, Daniel Stenberg wrote:
> First, your patch actually uses strstr() which scans for that substring.
> You want plain memcmp() or strncmp().
>
> Then, as we're introducing a new prefix to activate this magic we can
> probably make it even less likely to be a subdir, by for example using
> double slashes or something: "sha256//".

I've implemented both suggestions.

I've also updated the documentation of that option and all flags and
such, and added 2 tests for the new functionality.

Also attached is a separate optional patch that creates a new base64
function that uses an existing memory buffer instead of allocating a new
one every time. This lets us do 1 malloc/free no matter how many hashes
are supplied, instead of 1 for each hash supplied. It's possible this
could be of use in other places in libcurl, but I haven't looked yet.

You can also find the commits pushed to github here:
https://github.com/moparisthebest/curl/commit/4b6ff5bad3f329ab92113bd27293b8d8de68506c
https://github.com/moparisthebest/curl/commit/9f37e2bc94b485e7eff0c49ccc3ec68ca5101dd3

Thanks much!
Travis Burtrum

Received on 2015-07-01
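
The prefix check discussed in the quoted reply, shown as an added example that is not part of the original message or of the attached patch: a substring scan with strstr() treats a file path that merely contains "sha256//" as a hash pin, while an anchored strncmp() does not. The function names, the ';' separator between entries, the fail-closed handling of malformed entries and the sample values are assumptions made for illustration; the peer key digest is taken as already computed and base64-encoded.

```c
#include <stdio.h>
#include <string.h>

#define PIN_PREFIX "sha256//"
#define PIN_PREFIX_LEN (sizeof(PIN_PREFIX) - 1)

/* Substring scan: true if the marker appears anywhere in the string. */
static int is_hash_pin_strstr(const char *pin)
{
  return strstr(pin, PIN_PREFIX) != NULL;
}

/* Anchored check: true only if the string starts with the marker. */
static int is_hash_pin_prefix(const char *pin)
{
  return strncmp(pin, PIN_PREFIX, PIN_PREFIX_LEN) == 0;
}

/* Returns 1 if peer_b64 (base64 of the peer key's SHA-256, computed
   elsewhere) equals one entry of pins, else 0. Assumptions: entries are
   separated by ';', and any entry lacking the prefix invalidates the
   whole list, so a malformed pin string never matches. */
static int pin_list_matches(const char *pins, const char *peer_b64)
{
  size_t want = strlen(peer_b64);
  int match = 0;
  if(want == 0) return 0;             /* an empty digest never matches */
  while(*pins) {
    size_t len = strcspn(pins, ";");  /* length of the current entry */
    if(len < PIN_PREFIX_LEN || strncmp(pins, PIN_PREFIX, PIN_PREFIX_LEN))
      return 0;
    if(len - PIN_PREFIX_LEN == want &&
       !memcmp(pins + PIN_PREFIX_LEN, peer_b64, want))
      match = 1;
    pins += len;
    if(*pins == ';') pins++;          /* step over the separator */
  }
  return match;
}

int main(void)
{
  const char *path = "./pins/sha256//server.pub";  /* constructed path */
  const char *pins = "sha256//cGluLW9uZQ==;sha256//cGluLXR3bw=="; /* constructed */
  printf("strstr says hash pin:  %d\n", is_hash_pin_strstr(path));
  printf("strncmp says hash pin: %d\n", is_hash_pin_prefix(path));
  printf("second pin matches:    %d\n", pin_list_matches(pins, "cGluLXR3bw=="));
  return 0;
}
```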