cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH 1/4] nss: select client certificates by DER

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Tue, 4 Oct 2011 12:52:38 +0200

On Wed September 14 2011 12:49:18 Kamil Dudka wrote:
> Hi libcurl hackers,
>
> as the new release is out (thanks for the release btw.), I think it is time
> do some cleanup in the libcurl-NSS code. In the first place, I would like
> to change the way it identifies client certificates loaded from files. It
> has been using nicknames derived from file base names. File base names
> are not unique, which was causing collisions in the certificate selection
> callback.
>
> With these patches applied, it identifies certificates by DER, which is
> extracted directly from the object handle that NSS returns. So there
> should be no collisions on nicknames any more. It also removes the code
> the creates the NSS undocumented nicknames for certificates from files.

Any objections to push this patchset? We have been rolling the patches in
rawhide Fedora for two weeks with no issues reported so far...

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-10-04