
curl-library

[PATCH] CURLOPT_CACERTSTORE

From: <girish_at_shankar-software.org>
Date: Mon, 09 May 2011 18:27:51 -0700

Hello All,

This is the first time I am contributing to open source.

We wanted a way to make sure that our program loads data ONLY from
our website. To ensure that, we decided to use https. But the major
weakness of the scheme is that the list of root certificates supplied
with the software can be compromised either by the user or his
employees or by a third party.

So we decided to load the trusted root certificates from a signed
file. But such a feature is lacking in OpenSSL and curl. It loads
the trusted certificates from an untrusted plain text file.

This patch adds a CURLOPT_CACERTSTORE option where you can specify
the certificate store that you have loaded independently from a signed
file. Example file certstore.c shows you how to load the certificates
into a store.

This option is also useful if you want to save the time of parsing
all the root certificates again and again for each SSL connection.

-- 
Please don't hesitate to contact me for further assistance or information.
Thanks and best wishes.
G.Girish.
Shankar Software.
New 14, Old 8 Shankarapuram First Street,
Choolaimedu,
Chennai,
Tamil Nadu.
India - 600094.
Cell - +91-9841111718.
http://www.shankar-software.org/

Received on 2011-05-10