1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 16:48:49 -05:00

TODO: Configurable loading of OpenSSL configuration file

Closes #2724
This commit is contained in:
Daniel Stenberg 2018-07-10 10:57:20 +02:00
parent 522236f55e
commit d3bd7cb388
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

View File

@ -112,6 +112,7 @@
13.6 Provide callback for cert verification 13.6 Provide callback for cert verification
13.7 improve configure --with-ssl 13.7 improve configure --with-ssl
13.8 Support DANE 13.8 Support DANE
13.9 Configurable loading of OpenSSL configuration file
13.11 Support intermediate & root pinning for PINNEDPUBLICKEY 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY
13.12 Support HSTS 13.12 Support HSTS
13.13 Support HPKP 13.13 Support HPKP
@ -767,6 +768,17 @@ that doesn't exist on the server, just like --ftp-create-dirs.
Björn Stenberg wrote a separate initial take on DANE that was never Björn Stenberg wrote a separate initial take on DANE that was never
completed. completed.
13.9 Configurable loading of OpenSSL configuration file
libcurl calls the OpenSSL function CONF_modules_load_file() in openssl.c,
Curl_ossl_init(). "We regard any changes in the OpenSSL configuration as a
security risk or at least as unnecessary."
Please add a configuration switch or something similar to disable the
CONF_modules_load_file() call.
See https://github.com/curl/curl/issues/2724
13.11 Support intermediate & root pinning for PINNEDPUBLICKEY 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY
CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root