curl-library

Re: Patch for TLS-SRP support (using GnuTLS)

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 20 Dec 2010 23:12:54 +0100 (CET)

On Mon, 20 Dec 2010, Quinn Slack wrote:

> Sure, I just put up the TLS-SRP patch at
> http://stanford.edu/~sqs/curl-tls-srp-20101220.patch
> and pasted it below. Patch is against 7f3b87d (up-to-date as of Dec 19).

Thanks a lot for your work on this!

I'm quite prepared to apply this, but reading through it I detected a sort of
inconsistency. I'll elaborate:

We're talking about adding support for TLS authentication, using the specific
auth type SRP, right? SRP is a concept that is not specifically bound to TLS.

Also, I figure there's a probability that we will add support for more/other
types in the future.

> +if test "x$GNUTLS_ENABLED" = "x1"; then
> + SUPPORT_FEATURES="$SUPPORT_FEATURES SRP"
> +fi
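
Review bot: the condition on the first line tests only GNUTLS_ENABLED, so SRP is appended to SUPPORT_FEATURES for every GnuTLS build, whether or not the GnuTLS being linked provides SRP. Gate the append on a configure check for SRP support in that library, so the advertised feature list matches what the build can actually do.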

... so I think this is either better called TLS-SRP or possibly without
specifying the type just "TLSAUTH" or something.

> + CURLE_SRP_FAILED, /* 89 - Failed SRP auth */

> +#define CURL_VERSION_SRP (1<<14) /* SRP authentication is supported */
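
Review bot: the name CURL_VERSION_SRP and its comment "SRP authentication is supported" do not say that this is SRP at the TLS layer, so an application testing the bit cannot tell from the header what it is being promised. A feature bit in the public header is hard to rename once released, so settle on the TLS-qualified name before this lands and make the comment say TLS-SRP.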

... and these feel like they are for TLSAUTH that failed and the bit would be
for TLSAUTH.

BTW, does this TLSAUTH and SRP stuff depend on some particular GnuTLS version?
Our currently set "goal" is to work with GnuTLS 1.2.

-- 
  / daniel.haxx.se
Received on 2010-12-20