cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Custom OpenSSL crypto engine not known to cURL

From: Yang Tse <yangsita_at_gmail.com>
Date: Wed, 10 Mar 2010 18:49:00 +0100

I'm not sure everyone using an OpenSSL enabled libcurl, either static
or dynamic version, would want to allow any user, or script, capable
of setting OPENSSL_CONF environment variable to modify application
behavior beyond developers or distributors control.

In any case, we could allow any application using libcurl to specify
if they chose to ignore or honor OPENSSL_CONF environment variable
introducing a new flag for curl_global_init(). For example
CURL_GLOBAL_SSL_CONF or the contrary CURL_GLOBAL_SSL_NOCONF. If we
continue with the no-surprises policy, the default should probably be
to not honor the OPENSSL_CONF environment variable unless
curl_global_init() is called with flag CURL_GLOBAL_SSL_CONF set.

On the other hand it could be interesting to enable the feature as
default for curl tool.

Additionally, when OPENSSL_CONF is used it could be interesting to
attempt to get configuration values from a [libcurl_conf] specific
section in order to allow greater flexibility.

Just some thoughts

-- 
-=[Yang]=-
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2010-03-10