cURL / Mailing Lists / curl-library / Single Mail

curl-library

Remarks on the curl-7.12.1+srp-beta patch (issue 47)

From: Daniel Stenberg <daniel-curl_at_haxx.se>
Date: Thu, 30 Sep 2004 23:33:29 +0200 (CEST)

Hi

I post this here since I want to discuss this patch on the list where everyone
can join in.

(People, Peter host his patch set here: http://www.edelweb.fr/EdelKey/ and
I've just reviewed his patch with the name in the Subject, that is available
from this page, or directly at
http://www.edelweb.fr/EdelKey/files/curl-7.12.1+srp-beta.patch.gz)

General:

  I certainly want libcurl to be able to speak SRP and I appreciate your work
  on this!

Remarks:

  o I don't like to mix the SRP stuff in the defines and variable used for
    HTTP authentication. Using -u for user and password for the command line
    tool could possibly be OK, but extending CURLOPT_HTTPAUTH is more than I
    can take. What if you want SRP for FTPS connections. Should we require
    users to set CURLOPT_HTTPAUTH for it? It would be really confusing.

    Besides that, SRP doesn't prevent the HTTP server to ask for user and
    password which will make it simply not work. I can't see how you can add
    user and password for the transport layer without using new options for it,
    or break something.

  o Would it be possible to reverse the OPENSSL_NO_SRP define? I find
    constructs with double negations like #ifndef OPENSSL_NO_SRP very hard to
    read.

  o Please make the code use less than 80 columns per line

  o Your code writes a zero byte to the user+password string where it finds a
    colon. It will prevent the same string to be used multiple times, which we
    indeed want to!

Again: thanks for your contribution!

-- 
      Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
       Dedicated custom curl help for hire: http://haxx.se/curl.html
Received on 2004-09-30