
curl-library

Re: Callback for cert verification

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 8 Jan 2009 00:55:53 +0100 (CET)

On Tue, 6 Jan 2009, Vitaliy Kulikov wrote:

Welcome to our merry little project!

> I am an engineer at Google, and this is my first email to this mailing list.
> I implemented item 7.6 of your "TODO" wish list ("Provide callback for cert
> verification"), and I would like to contribute my changes back to the
> project. Could someone point me to a list of instructions on how I can get
> my changes reviewed and submitted?

I think your description here is perfect to explain what the changes are, and
then you can just make a patch (cvs diff -u) and post it to this very list and
we'll give it a review and comments and you update the nits we find and repost
the new patch and when everything is fine and dandy we commit!

> First, I created an implementation-independent list of common SSL
> certificate error codes

> Second, I added code to save certificate [error] data as part of the
> 'ssl_connect_data' data structure every time a secure connection needs to be
> established and a new set of certificates is received from the server. I
> save every certificate in binary along with the encoding method (DER is the
> only encoding supported at the moment) and the certificate error data. If
> there are multiple certificates in the chain, I save them all (I have a
> hard-coded limit of 16 certificates per chain at the moment).

What is the purpose of the saving of the certs? Ah, is that because you
_first_ save them all and then call the verification callback(s)?

> Third, I provide a way for the client code to supply the stack with a
> callback function to be called every time a new chain of certificates
> is received and validated.

That sounds like something people have asked for. And done in an SSL-library
agnostic way is really cool!

All in all these sound like cool additions/fixes. We're just about to enter a
two-week feature freeze so I would rather not commit anything like this until
after 7.19.3 is out, but we can still work out the details and get it
perfected in the meantime.

-- 
  / daniel.haxx.se
Received on 2009-01-08
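The design discussed in this mail, sketched as an added C example that is not code from the curl project or from the patch under review: certificates are saved first (DER plus backend-independent error flags, at most 16 per chain) and the application callback runs only once the whole chain is in hand. Every type, function and error-code name is assumed, and the DER blobs are constructed stand-ins, not real certificates.

```c
#include <stddef.h>
#include <string.h>
#define MAX_CHAIN 16 /* hard-coded per-chain limit from the proposal */
/* Backend-independent error flags and encodings; names are assumed, not curl's. */
enum { CERT_ERR_EXPIRED = 1u << 0, CERT_ERR_UNTRUSTED = 1u << 1, CERT_ERR_NAME = 1u << 2 };
enum cert_enc { CERT_ENC_DER = 0 };
struct saved_cert { const unsigned char *data; size_t len; enum cert_enc enc; unsigned errors; };
struct cert_chain { struct saved_cert certs[MAX_CHAIN]; size_t count; int truncated; };
/* Application callback: return 1 to accept the chain, 0 to reject it. */
typedef int (*verify_cb)(const struct cert_chain *chain, void *userdata);

/* Save one certificate as it arrives, with the errors the SSL backend reported for it. */
int chain_add(struct cert_chain *c, const unsigned char *der, size_t len, unsigned errors)
{
    if (c->count >= MAX_CHAIN) { c->truncated = 1; return 0; }
    struct saved_cert *s = &c->certs[c->count++];
    s->data = der; s->len = len; s->enc = CERT_ENC_DER; s->errors = errors;
    return 1;
}

/* Run once the whole chain is saved. Without a callback any flagged error rejects; with
 * one, the callback decides, except over a chain it could not see in full: a chain that
 * overflowed the 16-entry limit must never be accepted on the strength of a partial view. */
int chain_verify(const struct cert_chain *c, verify_cb cb, void *ud)
{
    if (c->truncated) return 0;
    if (!cb) {
        for (size_t i = 0; i < c->count; i++) if (c->certs[i].errors) return 0;
        return 1;
    }
    return cb(c, ud);
}

/* Sample policy: tolerate only a name mismatch on the leaf (e.g. an internal host
 * reached by IP address); any other error on any certificate still rejects. */
static int leaf_name_mismatch_only(const struct cert_chain *c, void *ud)
{
    (void)ud;
    for (size_t i = 1; i < c->count; i++) if (c->certs[i].errors) return 0;
    return c->count > 0 && (c->certs[0].errors & ~CERT_ERR_NAME) == 0;
}

/* Constructed stand-ins for DER blobs; a real chain carries whole certificates. */
static const unsigned char leaf_der[] = {0x30, 0x03, 0x02, 0x01, 0x01};
static const unsigned char ca_der[] = {0x30, 0x03, 0x02, 0x01, 0x02};
/* Build a chain of 1 + extra certificates with the given leaf errors, then verify it. */
int demo(unsigned leaf_errors, size_t extra, verify_cb cb)
{
    struct cert_chain c; memset(&c, 0, sizeof c);
    chain_add(&c, leaf_der, sizeof leaf_der, leaf_errors);
    for (size_t i = 0; i < extra; i++) chain_add(&c, ca_der, sizeof ca_der, 0);
    return chain_verify(&c, cb, NULL);
}
```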