curl-library

Re: CURLOPT_SSL_CTX_FUNCTION for SSPI

From: Henri Hein <henri_at_thinair.com>
Date: Mon, 21 Mar 2016 20:10:46 -0700

On Thu, Mar 17, 2016 at 10:33 PM, Ray Satiro via curl-library
<curl-library_at_cool.haxx.se> wrote:
> Yes. If there is any interest that is likely the way to do it.

OK. See below.

> You can do it in the progress callback. It's really quite complicated to do
> it properly because you have to verify certificate changes. I will make an
> example for you. I opened #685 [1] to find a better way, and it looks like
> you've already seen that.

Yes, I did see that. I'll look for your sample.

>> I am willing to make a pull request for
>> the CURLOPT_PINNEDPUBLICKEY implementation in SSPI, if
>> that is more agreeable.
>
> That would be fantastic.

Great. I will work on both the changes: CURLOPT_SSL_CTX_FUNCTION,
the way we discussed it, and CURLOPT_PINNEDPUBLICKEY.
I can tell you are lukewarm on SSL_CTX_FUNCTION, but I'd like to submit
it anyway. I know what to do for that change, and it'll be nice to move
towards parity with the other SSL implementations. Also, I do think there
are some useful options in SCHANNEL_CRED for limiting algorithms and
cipher strength.

Thanks,
  - Henri Hein
Received on 2016-03-22