author | Marc Hoersken <info@marc-hoersken.de> | 2020-05-08 20:49:22 +0200
---|---|---
committer | Marc Hoersken <info@marc-hoersken.de> | 2020-05-09 12:23:59 +0200
commit | 8329775abb5e2c0edbe7e792605450f0dc205f18 |
tree | 0219055917054989480077c245690c163ac34dac |
parent | 92501a12a235ebebfffad043286c592a8b0e561b |

TODO: update regarding missing Schannel features

Some aspects have already been implemented over the years.

15.1 Client certificates are now supported:
- System stores via e35b0256eb34f1fe562e3e2a2615beb50a391c52
- PKCS#12 files via 0fdf96512613574591f501d63fe49495ba40e1d5

15.2 Ciphers can now be specified through:
- Algorithms via 9aefbff30d280c60fc9d8cc3e0b2f19fc70a2f28

Reviewed-by: Daniel Stenberg and Marcel Raad
Closes #5358

-rw-r--r-- | docs/TODO | 32 |
1 files changed, 12 insertions, 20 deletions
@@ -117,10 +117,10 @@ 14. GnuTLS 14.2 check connection - 15. WinSSL/SChannel - 15.1 Add support for client certificate authentication - 15.3 Add support for the --ciphers option - 15.4 Add option to disable client certificate auto-send + 15. Schannel + 15.1 Extend support for client certificate authentication + 15.2 Extend support for the --ciphers option + 15.3 Add option to disable client certificate auto-send 16. SASL 16.1 Other authentication mechanisms 
@@ -793,31 +793,23 @@ that doesn't exist on the server, just like --ftp-create-dirs. Add a way to check if the connection seems to be alive, to correspond to the SSL_peak() way we use with OpenSSL. -15. WinSSL/SChannel +15. Schannel -15.1 Add support for client certificate authentication +15.1 Extend support for client certificate authentication - WinSSL/SChannel currently makes use of the OS-level system and user - certificate and private key stores. This does not allow the application - or the user to supply a custom client certificate using curl or libcurl. - - Therefore support for the existing -E/--cert and --key options should be - implemented by supplying a custom certificate to the SChannel APIs, see: + The existing support for the -E/--cert and --key options could be + extended by supplying a custom certificate and key in PEM format, see: - Getting a Certificate for Schannel https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx -15.3 Add support for the --ciphers option - - The cipher suites used by WinSSL/SChannel are configured on an OS-level - instead of an application-level. This does not allow the application or - the user to customize the configured cipher suites using curl or libcurl. +15.2 Extend support for the --ciphers option - Therefore support for the existing --ciphers option should be implemented - by mapping the OpenSSL/GnuTLS cipher suites to the SChannel APIs, see + The existing support for the --ciphers option could be extended + by mapping the OpenSSL/GnuTLS cipher suites to the Schannel APIs, see - Specifying Schannel Ciphers and Cipher Strengths https://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx -15.4 Add option to disable client certificate auto-send +15.3 Add option to disable client certificate auto-send Microsoft says "By default, Schannel will, with no notification to the client, attempt to locate a client certificate and send it to the server." That could |
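
Review bot: In the index hunk (@@ -117), the numbers 15.2 and 15.3 are reassigned rather than only added: 15.3 used to name the --ciphers item and now names the auto-send item, and the old list had no 15.2 at all. Anyone who cited the old numbers will land on a different entry, so the renumbering deserves a line in the commit message next to the feature notes.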
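
Review bot: In the 15.1 and 15.2 bodies (@@ -793), the new wording says the existing support "could be extended" but no longer states what is supported today, so someone reading docs/TODO alone cannot tell what is still missing. The commit message already has that information (client certificates from system stores and PKCS#12 files, ciphers specified by algorithm); carrying one sentence of it into each entry would make the remaining gap (PEM certificate and key input, OpenSSL/GnuTLS cipher suite name mapping) explicit. In 15.1 the retained "Getting a Certificate for Schannel" reference now sits under text about PEM input, so it is worth confirming that the link still backs the item. As a nit, the unchanged context line above the section reads "SSL_peak()", which looks like a typo for SSL_peek() and could be fixed while this part of the file is being touched.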