cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH] GnuTLS: Work around failure to check certs against IP addresses

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Sun, 13 Jul 2014 01:09:19 +0200

On Sat, Jul 12, 2014 at 05:59:56PM +0100, David Woodhouse wrote:
> The cipher list problem was because Fedora's GnuTLS doesn't have SRP
> support. Given that gnutls_set_priority_direct() actually *gives* us a
> pointer to the part of the string that it objected to, our error
> handling could stand to be improved somewhat at that point.

This is rather unfortunate. I'll improve the error message as you suggest,
but I wonder what the best way is to determine whether SRP is supported
or not. Is there a compile-time check that can be used, or will it have
to be done through some kind of probing at run time?

>>> Dan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-07-13