curl-library
RE: axTLS patch set
Date: Sat, 11 Dec 2010 15:34:44 +0100 (CET)
On Fri, 10 Dec 2010, Hu, Eric wrote:
> So, even though axTLS is still failing some https tests, is this good enough
> for now?
Since the impact is very small on non-axTLS parts I think it is good enough to
get pushed - after the pending release (planned to happen on Thursday).
Functionality wise, axTLS doesn't like my ca cert bundle so whatever site I
try I can't get axTLS to play with me. See below, but the exact site doesn't
seem to matter:
$ ./src/curl https://www.sf.net/ -1 -v -k
* About to connect() to www.sf.net port 443 (#0)
* Trying 216.34.181.60... connected
* Connected to www.sf.net (216.34.181.60) port 443 (#0)
Error: Invalid X509 ASN.1 file
* error reading ca cert file /etc/ssl/certs/ca-certificates.crt
* Curl_axtls_close
Error: No trusted cert is available
* Closing connection #0
* Curl_axtls_close
* Curl_axtls_close
* Curl_axtls_close
* SSL peer certificate or SSH remote key was not OK
curl: (51) SSL peer certificate or SSH remote key was not OK
* Curl_axtls_close_all
(The ca cert is the one Debian unstable ships and it should be fine as it
works with OpenSSL and GnuTLS etc.)
> I could probably put together an axTLS patch for tests 311 and 312. Adding
> CRL for test 313 and getting axTLS working with multi (test 560) aren't so
> straightforward (at least not to me at the moment), though given enough
> time, I could probably sort them out.
Hopefully others can also join in and help smoothen the remaining rough edges
once there's basic support added.
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2010-12-11