curl-library

Re: Using default cert bundle with PolarSSL

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 23 Aug 2010 22:59:49 +0200 (CEST)

On Mon, 23 Aug 2010, Paul Bakker wrote:

>> But I really don't know how popular the ecdsa-with-SHA384 algorithm is in
>> the wild, or how much effort it would be to implement, so if nobody
>> responds here within a few days I will pass the info on to the polarssl
>> mailing list.
>
> ECDSA signatures are indeed not supported at this moment in PolarSSL. Most
> likely they will be in the 'near' future. But no specific timeline has been
> made yet. ECDSA will be 'optional' to conserve on space when required.

Perhaps it would make better sense for PolarSSL to simply ignore such
certificates then rather than to fail this way? AFAIK, our "caextract" service
is quite popular and since this cert in question is used by Firefox I figure
quite a lot of users are likely to end up with this cert in their cabundle and
thus they will get this problem.

(And no, I haven't really considered all the side effects a mere ignore would
cause so please forgive my ignorance if it's a really bad idea.)

-- 
  / daniel.haxx.se
Received on 2010-08-23