On 03/19/2011 12:39 PM, Peter Sylvester wrote:
> hi,
>
> given that the latest openssl now contains support for SRP,
> here a patch for openssl. since gnu-tls is already supported
> in curl, the patch is rather simple:
>
> adds some test to configure.ac and some logic to ssluse.c
>
> I do not have tested whether the behaviour is like with gnu-tls
> potential issues:
>
> In case when the tlsauth is enabled:
>
> - what should be the default ssl version?
> I'll set TLSv1 if non was given.
>
> - The default ciphersuites in openssl do not include SRP
> if no ciphersuite is given by the user,
> SRP is set as the default.
I forgot: since the openssl srp is not documented (yet):

   touch verifiers
   openssl srp -srpvfile verifiers -add -gn 2048 theuser

   (ignore the error message about attr)

the resulting file can be used in openssl s_server for testing

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-03-19