cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS commit

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Mon, 6 Feb 2012 22:57:44 +0100

Hi Daniel,

On Monday 06 February 2012 22:36:18 Daniel Stenberg wrote:
> I'm proposing changes as the attached patches show. I've not actually tried
> this against a live troublesome server so if you have/know any, please have
> a go and tell us how this behaves!
>
> Of course other opinions and feedback would be welcome as well.

although NSS came with a slightly different approach, it triggered an
avalanche of bug reports. Consequently, the security fix had to be disabled
by default in stable Fedora. I am about to extend your patchset to control
the appropriate SSL option of NSS in case libcurl is compiled against a new
enough version of NSS.

Now the question is whether we should stick to the OpenSSL terminology for
naming the new options, or choose something more generic. Unfortunately, no
sensible alternative comes to my mind right now :-/

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-02-06