cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH] openssl: allow partial trust chains

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 30 Nov 2015 08:15:55 +0100 (CET)

On Thu, 26 Nov 2015, Tim Ruehsen wrote:

> I just don't like this behavior being the default. I have nothing against
> some kind of configuration / option.

But this gives a user greater flexibility to more fine-grained trust. What
sort of problem do you see with this?

We don't normally fear adding options in libcurl, but this is a very
specialized option that very few users would know how to handle. Also, based
on what's said it might also tweak behavior other TLS backends already do on
their own, not to mention that other backends may not be that easy to alter
this behavior for.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2015-11-30

This message: [ Message body ]
Next message: Tim Ruehsen: "Re: [PATCH] openssl: allow partial trust chains"
Previous message: Daniel Stenberg: "Re: [bagder/curl] 78c25c: lib: Only define curl_dofreeaddrinfo if struct add..."
In reply to: Tim Ruehsen: "Re: [PATCH] openssl: allow partial trust chains"
Next in thread: Tim Ruehsen: "Re: [PATCH] openssl: allow partial trust chains"
Reply: Tim Ruehsen: "Re: [PATCH] openssl: allow partial trust chains"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]