curl-library

Re: Support for openssl trusted_first flag

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 28 May 2015 11:28:06 +0200 (CEST)

On Tue, 26 May 2015, Ryan Schmidt wrote:

> Some time ago the idea was brought up to use openssl's new -trusted_first /
> X509_V_FLAG_TRUSTED_FIRST mode; a patch was provided:
>
> http://curl.haxx.se/mail/lib-2011-12/0223.html

I basically only have one question on this: how would a user know when to use
and not use --trusted_first?

Isn't this one of those options that just should be enabled if available?
What's the downside with that? Or possibly we can have it enabled by default
and allow the user to switch it off in case of trouble?

PS, an alternative patch can be found here and this version has better
error-checking of the OpenSSL calls used:

   http://kriscience.blogspot.se/2013/03/supporting-trusted-but-untrusted.html

-- 
  / daniel.haxx.se
Received on 2015-05-28