author | Jay Satiro <raysatiro@yahoo.com> | 2019-01-29 00:33:14 -0500 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2019-01-29 00:33:14 -0500 |
commit | 3de607415c4e54206e33f677cfdc225cd1256357 (patch) | |
tree | ff3d3909d8d610f8d2819f6a25b1db63124b5f64 | |
parent | a9d9a3abbec55ad80d615db4cd74218067df2c33 (diff) |
TODO: WinSSL: 'Add option to disable client cert auto-send'
By default WinSSL selects and sends a client certificate automatically,
but for privacy and consistency we should offer an option to disable the
default auto-send behavior.
Reported-by: Jeroen Ooms
Closes https://github.com/curl/curl/issues/2262
-rw-r--r-- | docs/TODO | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -126,6 +126,7 @@ 15. WinSSL/SChannel 15.1 Add support for client certificate authentication 15.3 Add support for the --ciphers option + 15.4 Add option to disable client certificate auto-send 16. SASL 16.1 Other authentication mechanisms @@ -876,6 +877,19 @@ that doesn't exist on the server, just like --ftp-create-dirs. - Specifying Schannel Ciphers and Cipher Strengths https://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx +15.4 Add option to disable client certificate auto-send + + Microsoft says "By default, Schannel will, with no notification to the client, + attempt to locate a client certificate and send it to the server." That could + be considered a privacy violation and unexpected. + + Some Windows users have come to expect that default behavior and to change the + default to make it consistent with other SSL backends would be a breaking + change. An option should be added that can be used to disable the default + Schannel auto-send behavior. + + https://github.com/curl/curl/issues/2262 + 16. SASL 16.1 Other authentication mechanisms |
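Review bot: In the new 15.4 body text, the quoted Microsoft statement ("By default, Schannel will, with no notification to the client, attempt to locate a client certificate and send it to the server.") is given without a source; the only URL in the entry is the GitHub issue. Add the Microsoft documentation link the quote was taken from under the entry, the same way the preceding 15.3 entry lists its MSDN page, so a reader can check the stated default. The entry also says only that "An option should be added" without saying whether that means a libcurl option, a curl tool flag, or both; one more sentence stating the intended scope would make the TODO actionable. As a style point, the sentence beginning "Some Windows users have come to expect that default behavior and to change the default ..." reads more clearly split in two after "behavior".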