curl-library
Re: Patch for TLS-SRP support (using GnuTLS)
Date: Mon, 10 Jan 2011 10:24:38 -0800
On Mon, Jan 10, 2011 at 02:18:31PM +0100, Daniel Stenberg wrote:
> On Mon, 27 Dec 2010, Quinn Slack wrote:
>
> Do you have any more recent updates?
Yes, I've attached a revised version of the patch that includes tests. I
realized I could use gnutls-serv, which comes with GnuTLS and can act as a
simple TLS-SRP Web server.

Adds http+tls-srp <server> test option and new tests 320-324:

  test320 simple TLS-SRP HTTPS GET, check user in response
  test321 TLS-SRP with bad username and password
  test322 TLS-SRP with bad password
  test323 TLS-SRP to non-TLS-SRP server
  test324 TLS-SRP with server cert checking

Tests 300-324 all pass under GnuTLS, including torture tests (with the other
mem leak fix, thanks for applying!).

In the code itself, there aren't yet any #ifdefs for TLS-SRP support; if
GnuTLS is used, then TLS-SRP support will be enabled. There's also no check
to ensure that the GnuTLS version is new enough (>=2.3) to have the right
values for the TLS-SRP cipher suite. I'll work on those now. How does
everything else look, though?

-Quinn
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
- text/x-diff attachment: 0001-gtls-tls-srp.patch