moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-08-13 17:03:50 -04:00
Code Issues Releases Wiki Activity

TODO: "Support in-memory certs/ca certs/keys"

Browse Source 
removed SSLKEYLOGFILE support (fixed)

removed "consider SSL patches" (outdated)

Closes #2310
This commit is contained in:
Daniel Stenberg 2018-02-18 22:45:17 +01:00
parent 174212972c
commit a3e52a7b2d
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 7 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
docs/TODO
View File

@ -106,13 +106,12 @@
13. SSL
13.1 Disable specific versions
13.2 Provide mutex locking API
13.3 Evaluate SSL patches
13.3 Support in-memory certs/ca certs/keys
13.4 Cache/share OpenSSL contexts
13.5 Export session ids
13.6 Provide callback for cert verification
13.7 improve configure --with-ssl
13.8 Support DANE
13.10 Support SSLKEYLOGFILE
13.11 Support intermediate & root pinning for PINNEDPUBLICKEY
13.12 Support HSTS
13.13 Support HPKP
@ -715,10 +714,13 @@ that doesn't exist on the server, just like --ftp-create-dirs.
library, so that the same application code can use mutex-locking
independently of OpenSSL or GnutTLS being used.
13.3 Evaluate SSL patches
13.3 Support in-memory certs/ca certs/keys
Evaluate/apply Gertjan van Wingerde's SSL patches:
https://curl.haxx.se/mail/lib-2004-03/0087.html
You can specify the private and public keys for SSH/SSL as file paths. Some
programs want to avoid using files and instead just pass them as in-memory
data blobs. There's probably a challenge to make this work across the
plethory of different TLS and SSH backends that curl suppports.
https://github.com/curl/curl/issues/2310
13.4 Cache/share OpenSSL contexts
@ -770,16 +772,6 @@ that doesn't exist on the server, just like --ftp-create-dirs.
Björn Stenberg wrote a separate initial take on DANE that was never
completed.
13.10 Support SSLKEYLOGFILE
When used, Firefox and Chrome dumps their master TLS keys to the file name
this environment variable specifies. This allows tools like for example
Wireshark to capture and decipher TLS traffic to/from those clients. libcurl
could be made to support this more widely (presumably this already works when
built with NSS). Peter Wu made a OpenSSL preload to make possible that can be
used as inspiration and guidance
https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/sslkeylog.c
13.11 Support intermediate & root pinning for PINNEDPUBLICKEY
CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root