curl-library

Re: TLS client authentication in curl_darwinssl.c

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 24 Apr 2013 22:36:48 +0200 (CEST)

On Mon, 22 Apr 2013, Nick Zitzmann wrote:

> I'm asking for feedback on a proposed change: I've implemented using a
> client certificate for TLS authentication in the curl_darwinssl code, but I
> had to make it work differently than the other back-ends, because Apple's
> Security framework expects the certificate and private key to be in the
> system or user Keychain instead of in a file on the disk.
>
> So when the user uses the --cert option in the curl tool, they would provide
> the name of the certificate from the Keychain instead of a file, and would
> not have to provide a private key. I think NSS works the same way, but
> before I commit, I was wondering if it's okay if we do this if the
> difference is documented (which I did, in the man pages)?

I think it is fine to do like this, yes. And yes, document the differences in
the suitable places for the options in the man pages.

To me it sounds similar to how the NSS backend does things...

-- 
  / daniel.haxx.se
Received on 2013-04-24