curl-library

Re: Patch for TLS-SRP support (using GnuTLS)

From: Quinn Slack <sqs_at_cs.stanford.edu>
Date: Thu, 20 Jan 2011 17:26:14 -0800

On Wed, Jan 19, 2011 at 11:24:23PM +0100, Daniel Stenberg wrote:
> I've now committed and pushed this.

Great, thanks!

> - We now lack documentation in docs/curl.1 for the three new command
> line options and in docs/libcurl/curl_easy_setopt.3 for the three
> new options

I've attached a patch with some basic docs for these.

> and in docs/libcurl/libcurl-errors.3 for the new error code.

On second thought, I think CURLE_TLSAUTH_FAILED should be eliminated. It was only
being raised when an internal error occurred while allocating or setting the GnuTLS
SRP client credentials struct. For TLS authentication failures, the general
CURLE_SSL_CONNECT_ERROR seems appropriate; its error string already includes
"passwords" as a possible cause. Having a separate TLS auth error code might also
cause people to think that a TLS auth failure means the wrong username or password was
entered, when it could also be a sign of a man-in-the-middle attack. Patch attached to
eliminate CURLE_TLSAUTH_FAILED.

Received on 2011-01-21