cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH] Handle --cacert option on Mac OS X with darwinssl

From: Nick Zitzmann <nick_at_chronosnet.com>
Date: Tue, 22 Apr 2014 17:43:32 -0500

On Apr 20, 2014, at 4:39 PM, Vilmos Nebehaj <v.nebehaj_at_gmail.com> wrote:

> attached a patch which implements --cacert when cURL is compiled with
> darwinssl support (Security Framework on Mac OS X).

I've skimmed over it, and I'm reluctant to include it in the next point release, mainly because this is a huge change to secure code used by millions of people[1], and we've already learned in the past two months how a single line in supposedly secure code can cause a huge security hole (see "goto fail" and Heartbleed).

We ought to consider this for a future release, though. Thanks for the patch.

Nick Zitzmann
<http://www.chronosnet.com/>

[1] seriously, it's a core component of OS X starting in Mavericks

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-04-23

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: [PATCH] Handle --cacert option on Mac OS X with darwinssl"
Previous message: Daniel Stenberg: "RE: Null pointer being passed to gnutls_x509_crt_import in gtls_connect_step3"
In reply to: Vilmos Nebehaj: "[PATCH] Handle --cacert option on Mac OS X with darwinssl"
Next in thread: Daniel Stenberg: "Re: [PATCH] Handle --cacert option on Mac OS X with darwinssl"
Reply: Daniel Stenberg: "Re: [PATCH] Handle --cacert option on Mac OS X with darwinssl"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]