curl-library

Re: Remarks on the curl-7.12.1+srp-beta patch (issue 47)

From: Daniel Stenberg <daniel-curl_at_haxx.se>
Date: Mon, 4 Oct 2004 00:15:45 +0200 (CEST)

On Fri, 1 Oct 2004, Peter Sylvester wrote:

> I see a small problem in the user friendliness of the interface to curl: If
> -u is used for both basic auth and srp auth, this may result in a srp
> password transferred in clear if the user forgets to specify --srp, etc.
>
> I tend to prefer simply --srpuser user --srppass password

I agree with this.

I assume we then enable SRP authentication if the CURLOPT_SRP_USERNAME is set?

Is there any other authentication method possible to add in a (distant) future
OpenSSL? I mean, would it make sense to instead use CURLOPT_TLS_USERNAME and a
CURLOPT_TLS_AUTH to set to SRP etc?

Also, what is the status of the SRP OpenSSL patch? Is it gonna be applied into
the head and get included in an actual release anytime soon? It seems we don't
have any hurry to support this in the main code until that happens... (I'm
thinking in terms of postponing the SRP patch for the next release.)

-- 
      Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
       Dedicated custom curl help for hire: http://haxx.se/curl.html
Received on 2004-10-04