curl-library

Re: SSL patch

From: Daniel Stenberg <daniel-curl_at_haxx.se>
Date: Wed, 16 Jun 2004 09:10:29 +0200 (CEST)

On Tue, 15 Jun 2004, Gisle Vanem wrote:

> I asked about Common Names regarding IDNA:
> http://www.mail-archive.com/openssl-dev@openssl.org/msg17603.html
>
> and got some conflicting answers, but I think libcurl does the right thing
> by comparing 'peer_CN' against 'conn->host.name'. Not sure about the
> ASN1_STRING_to_UTF8() wrt. IDNA. Until I find an ACE-host with a
> certificate, I'll leave it.

Joe Orton is generally a person with knowledge and clues. I'd put my money on
his suggestion (= having the ACE string in the cert).

  [ patch ]

This is a great patch and I want to apply it. I only have one little nit about
it that we need to sort out first: you add an argument to the debug callback.
This will break older apps that use this! While that is of course an option, I
think we should try to think this through first.

Why does the ssl-data get passed in to the callback using the 'extra' argument
and not just using the regular data pointer?

Uh, and regarding your question about the lack of a Curl_debugf(), I think we
should add such a function as soon as we feel a need for it. It would simply
use a ... argument and build a buffer that it passes to the current
Curl_debug() function.

-- 
      Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
       Dedicated custom curl help for hire: http://haxx.se/curl.html
Received on 2004-06-16
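
The Curl_debugf() idea from the last paragraph of the mail, as an added sketch that is not part of the original message or libcurl's own code. `sample_debug()` is a hypothetical stand-in for the existing buffer-taking debug function (its real signature is not shown in the mail), and the 64-byte buffer is a constructed size chosen to make truncation visible.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the existing debug function that takes a
   buffer and a length. It records the last message for inspection. */
static char last_msg[256];
static size_t last_len;

static void sample_debug(const char *ptr, size_t size)
{
  if(size >= sizeof(last_msg))
    size = sizeof(last_msg) - 1;
  memcpy(last_msg, ptr, size);
  last_msg[size] = '\0';
  last_len = size;
}

/* printf-style front end: format into a bounded buffer, then pass the
   buffer and its actual length on. Callers pass a literal format;
   peer-supplied strings (such as a certificate CN) go in as %s
   arguments, never as fmt. Returns bytes passed on, -1 on error. */
static int sample_debugf(const char *fmt, ...)
{
  char buf[64]; /* constructed size, small on purpose */
  va_list ap;
  int n;

  va_start(ap, fmt);
  n = vsnprintf(buf, sizeof(buf), fmt, ap);
  va_end(ap);

  if(n < 0)
    return -1;
  /* vsnprintf returns the length it wanted to write; clamp it to what
     is really in buf so the receiver never reads past the terminator */
  if((size_t)n >= sizeof(buf))
    n = (int)sizeof(buf) - 1;

  sample_debug(buf, (size_t)n);
  return n;
}

int main(void)
{
  sample_debugf("SSL: peer CN '%s', host '%s'", "example.test", "example.test");
  printf("%s\n", last_msg);
  return 0;
}
```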