curl-library

Re: Support for openssl trusted_first flag

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sun, 31 May 2015 23:52:14 +0200 (CEST)

On Sat, 30 May 2015, Ray Satiro via curl-library wrote:

> Matt Caswell of OpenSSL has updated that ticket with some helpful info
> explaining the difference between TRUSTED_FIRST and the new alt chains
> behavior. The only disadvantage to using TRUSTED_FIRST is what would likely
> be a minor performance hit in the time it takes to check alternate chains.
> The new alternate chain check will give us the same fix with even less of a
> hit. The two methods are mutually exclusive. I propose [1] we enable trusted
> if it's available and the new default alternate chain check is not
> available.

Looks perfectly fine to my understanding. The only question left for me is for
how many users this will actually have an effect if they truly are doing this
change in a release soon... but we can also just rip this code out again in the
future if we deem that it isn't really used.

I say go ahead and merge!

-- 
  / daniel.haxx.se
Received on 2015-05-31