curl-library

Re: [PATCH] Implement Public Key Pinning

From: moparisthebest <admin_at_moparisthebest.com>
Date: Wed, 01 Oct 2014 12:44:40 -0400

I have updated this patch on top of current git. It is attached and
also available at GitHub:

https://github.com/moparisthebest/curl

On 09/29/2014 06:19 PM, Daniel Stenberg wrote:
> I think the documentation for these features should
> mention that only the OpenSSL backend supports this feature - as we have
> a large amount of users using other backends and they will look for
> answers why.

I believe the patch does mention that only OpenSSL is supported for now
in all the relevant places.

> The test cases fail.

Once I figured out why the first was failing if I modified it in any way,
this was fairly easy to resolve. :) There is one test case for a
correct pinned public key and one test case where it will fail because
the pinned public key is wrong. I had to extract the .pub.der files
from the private keys, and I put this in the genserv.sh script as well
so they will be there when, if ever, the certs are regenerated.

As a side-note with regard to tests, if only to myself, all my editors
'helpfully' corrected the entire file with \n line endings every time I
made a change, when I needed specific lines in the expected response to
keep their \r\n line endings, so this fixed them for me:

sed -i '51,54 s/$/\r/' data/test2034

By placing \r before \n on lines 51 through 54.


Received on 2014-10-01
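
The two test cases described in the mail above (a matching pin and a wrong pin), as an added shell example that is not part of the original mail, the patch or curl's genserv.sh: it derives a .pub.der pin from a private key and compares it byte-for-byte with the public key inside a certificate. The function names, file names and throwaway self-signed certificates are assumptions made for this example, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not curl's genserv.sh. All names and files are constructed.

# Public key (DER SubjectPublicKeyInfo) from a PEM private key: the pin file.
extract_pub_der() {   # $1 = private key (PEM), $2 = output .pub.der
    openssl pkey -in "$1" -pubout -outform DER -out "$2"
}

# Public key (DER) from a PEM certificate: what a client sees from a server.
cert_pub_der() {      # $1 = certificate (PEM), $2 = output .pub.der
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER -out "$2"
}

# Succeeds only if the certificate's key is byte-identical to the pin.
pin_matches() {       # $1 = certificate (PEM), $2 = pinned .pub.der
    tmp=$(mktemp) || return 2
    if cert_pub_der "$1" "$tmp" && cmp -s "$tmp" "$2"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return $rc
}

# Build a throwaway key, self-signed certificate and pin in directory $1.
make_fixture() {      # $1 = directory, $2 = base name
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/$2.key" -subj "/CN=$2.invalid" \
        -days 1 -out "$1/$2.pem" 2>/dev/null &&
    extract_pub_der "$1/$2.key" "$1/$2.pub.der"
}

dir=$(mktemp -d)
make_fixture "$dir" server
make_fixture "$dir" other

# Case 1: pin taken from the server's own key.
pin_matches "$dir/server.pem" "$dir/server.pub.der" && echo "correct pin: accepted"
# Case 2: pin taken from an unrelated key.
pin_matches "$dir/server.pem" "$dir/other.pub.der" || echo "wrong pin: rejected"

rm -rf "$dir"
```

Regenerating a key changes its .pub.der, so a pin file has to be re-extracted whenever the key is replaced, which is why the extraction belongs in the same script that creates the keys.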