curl-library

Re: Patch for TLS-SRP support (using GnuTLS)

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 10 Jan 2011 21:43:56 +0100 (CET)

On Mon, 10 Jan 2011, Quinn Slack wrote:

> In the code itself, there aren't yet any #ifdefs for TLS-SRP support; if
> GnuTLS is used, then TLS-SRP support will be enabled. There's also no check
> to ensure that the GnuTLS version is new enough (>=2.3) to have the right
> values for the TLS-SRP cipher suite. I'll work on those now. How does
> everything else look, though?

It looks really good I think.

I did two minor improvements, see patches attached.

I also found out that using gnutls-serv for this purpose is troublesome: my
gnutls-serv version (2.8.6 on Debian) returns different HTTP contents for me
with the exact same use, compared to what you got and did the test cases for!

We could probably borrow the gnutls-serv code and put that in our test/server
directory and build our own (simplified) SRP test server to avoid the problem
with different outputs. But the downside with that is that we get another test
tool that is bound to a specific devel packaged SSL library being installed.

-- 
  / daniel.haxx.se




Received on 2011-01-10