curl-library
Re: New SSL backend GSKit, certinfo for everyone, etc.
Date: Fri, 12 Jul 2013 21:54:41 +0200
On Fri, Jul 12, 2013 at 05:33:26PM +0200, Patrick Monnerat wrote:
> Please find a big patch in attachment:

138KB. Yup. Any chance of splitting it into at least two parts, the OS400 stuff
and everything else?

> It implements a new SSL backend: GSKit. It runs on OS400, but IBM
> supports it on other platforms too.
>
> Aside from that, this patch also prepares support of CURLINFO_CERTINFO for
> every SSL backend able to provide peer certificate and/or chain in DER
> format. This has been done by some code factorisation:
>
> - init_certinfo(), push_certinfo*() have been moved to sslgen.c

Sounds good!

> - a new module x509asn1.c implements very lightweight ASN.1 and X509
> parsers, with functions to generate the certinfo from DER certificates.
> These are now already used (in the patch) by the QsoSSL and GSKit SSL
> backends, and may be easily called from other backends not implementing
> certinfo yet.

I'm a bit hesitant about this part. It seems that more and more
X.509/TLS stuff is slowly finding its way into curl itself. The ASN.1
code especially seems to me to be the kind of thing that should be in
a cross-platform library of some sort that curl can depend on instead.
That kind of parsing code is the kind that's hard to get completely
right from a security standpoint.

>>> Dan
Received on 2013-07-12
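
Added example, not part of the original message and not code from the patch or from curl: a minimal DER tag-length-value reader in C showing the checks that make this kind of parser hard to get right (truncated input, indefinite and non-minimal lengths, length arithmetic that wraps). The names `der_elem`, `der_read` and `seq_first_int` are hypothetical, and the byte strings are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>

struct der_elem { uint8_t tag; const uint8_t *val; size_t len; };

/* Read one DER TLV from buf[0..buflen). Returns bytes consumed, 0 on error. */
size_t der_read(const uint8_t *buf, size_t buflen, struct der_elem *out)
{
  size_t pos = 0, len, n, i;
  /* need tag + length byte; multi-byte tag numbers are not supported */
  if(buflen < 2 || (buf[0] & 0x1f) == 0x1f)
    return 0;
  out->tag = buf[pos++];
  len = buf[pos++];
  if(len & 0x80) {                  /* long form: low 7 bits count length bytes */
    n = len & 0x7f;
    /* reject indefinite (BER-only), oversized, truncated, leading-zero forms */
    if(n == 0 || n > sizeof(size_t) || n > buflen - pos || buf[pos] == 0)
      return 0;
    for(len = 0, i = 0; i < n; i++)
      len = (len << 8) | buf[pos++];
    if(len < 0x80)                  /* DER requires the short form here */
      return 0;
  }
  if(len > buflen - pos)            /* compare by subtraction: no wraparound */
    return 0;
  out->val = buf + pos;
  out->len = len;
  return pos + len;
}

/* Constructed samples (not taken from any real certificate). */
const uint8_t ok_seq[]     = {0x30, 0x03, 0x02, 0x01, 0x05};
const uint8_t truncated[]  = {0x30, 0x82, 0x01, 0x00, 0x02};
const uint8_t indefinite[] = {0x30, 0x80, 0x00, 0x00};
const uint8_t nonminimal[] = {0x30, 0x81, 0x03, 0x02, 0x01, 0x05};
const uint8_t huge_len[]   = {0x30, 0x84, 0xff, 0xff, 0xff, 0xff};

/* Walk SEQUENCE { INTEGER }; return the one-byte integer, or -1 on error. */
int seq_first_int(const uint8_t *buf, size_t buflen)
{
  struct der_elem seq, num;
  if(!der_read(buf, buflen, &seq) || seq.tag != 0x30)
    return -1;
  if(!der_read(seq.val, seq.len, &num) || num.tag != 0x02 || num.len != 1)
    return -1;
  return num.val[0];
}
```

Only `ok_seq` decodes; `nonminimal` carries the same content behind a long-form length that a lenient BER reader would accept, and `huge_len` is the case where computing `pos + len` before comparing would wrap on a 32-bit `size_t`.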