curl-library
Re: [PATCH] Implement Public Key Pinning
Date: Wed, 27 Aug 2014 13:09:16 -0400
On 08/26/2014 05:39 PM, Daniel Stenberg wrote:
> 1 - build with ./configure --enable-debug and gcc will help you point out a
> lot of C90 non-compliant mistakes, like mixing code and variable
> declarations and using // comments. Personally I also use --enable-werror
> to make really sure I don't miss a warning...
Following this and advice in GIT-INFO I am now using this configure line:
./configure --disable-shared --enable-debug --enable-maintainer-mode --enable-debug --enable-werror
> 3 - the "Arbitrary size" in pkp_pin_peer_pubkey() is not explained much but
> is set to 2048. How about making it a define, putting it somewhere at the
> top and explaining some reasoning why 2048 might be suitable?
I realized this wasn't even actually needed, and simplified the code by
comparing the length of the pinned public key file to the length of the
public key returned by the server before even reading the file in.
I have also fixed the indenting issue, created documentation, and
created tests, though I'm not sure the tests are actually correct.
As before, the patch is attached and also pushed up to my fork on github:
https://github.com/moparisthebest/curl
Thanks for the input, and let me know anything else that needs done,
moparisthebest
- text/x-patch attachment: 0001-Implement-public-key-pinning.patch
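
The length-first comparison described in the message above, as an added example in C that is not taken from the attached patch or from curl. The names `pin_matches` and `pin_selftest` and the sample bytes are hypothetical, and it assumes the pin file holds the key in the same binary encoding as the key obtained from the server.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not curl's function: returns 1 only if the pin file
   holds exactly the peer's public key bytes; 0 on mismatch or any error. */
static int pin_matches(const char *pinfile, const unsigned char *peer_key,
                       size_t peer_len)
{
  FILE *fp;
  long size;
  unsigned char *buf = NULL;
  int ok = 0;

  if(!pinfile || !peer_key || !peer_len || !(fp = fopen(pinfile, "rb")))
    return 0;
  /* Length check first: a file of another size can never match, so nothing
     is allocated or read and no fixed-size buffer is needed. */
  if(fseek(fp, 0, SEEK_END) || (size = ftell(fp)) < 0 ||
     (size_t)size != peer_len || fseek(fp, 0, SEEK_SET))
    goto done;
  buf = malloc(peer_len);
  if(buf && fread(buf, 1, peer_len, fp) == peer_len)
    ok = (memcmp(buf, peer_key, peer_len) == 0);
done:
  free(buf);
  fclose(fp);
  return ok;
}

/* Constructed sample bytes stand in for a key. Returns 0 if every case
   behaves as expected. */
static int pin_selftest(const char *path)
{
  static const unsigned char pinned[] = { 0x30, 0x82, 0x01, 0x22, 0xAA, 0xBB };
  static const unsigned char other[] = { 0x30, 0x82, 0x01, 0x22, 0xAA, 0xBC };
  FILE *fp = fopen(path, "wb");
  int bad;
  if(!fp)
    return -1;
  bad = fwrite(pinned, 1, sizeof(pinned), fp) != sizeof(pinned);
  fclose(fp);
  bad = bad || !pin_matches(path, pinned, sizeof(pinned)) || /* match */
        pin_matches(path, pinned, sizeof(pinned) - 1) ||     /* shorter */
        pin_matches(path, other, sizeof(other));             /* same size */
  remove(path);
  return bad;
}

int main(void) { return pin_selftest("pin-selftest.tmp"); }
```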