aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2018-07-10 10:57:20 +0200
committerDaniel Stenberg <daniel@haxx.se>2018-07-10 10:57:20 +0200
commitd3bd7cb388f631c16a35c1c631f0dbd0879389fc (patch)
treeaba44b4bb048162278a2d2d5e5a48c20d5177197
parent522236f55eea7a15571317bd6fcccc4abff8fe8c (diff)
TODO: Configurable loading of OpenSSL configuration file
Closes #2724
-rw-r--r--docs/TODO12
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/TODO b/docs/TODO
index cea637868..269c93006 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -112,6 +112,7 @@
13.6 Provide callback for cert verification
13.7 improve configure --with-ssl
13.8 Support DANE
+ 13.9 Configurable loading of OpenSSL configuration file
13.11 Support intermediate & root pinning for PINNEDPUBLICKEY
13.12 Support HSTS
13.13 Support HPKP
@@ -767,6 +768,17 @@ that doesn't exist on the server, just like --ftp-create-dirs.
Björn Stenberg wrote a separate initial take on DANE that was never
completed.
+13.9 Configurable loading of OpenSSL configuration file
+
+ libcurl calls the OpenSSL function CONF_modules_load_file() in openssl.c,
+ Curl_ossl_init(). "We regard any changes in the OpenSSL configuration as a
+ security risk or at least as unnecessary."
+
+ Please add a configuration switch or something similar to disable the
+ CONF_modules_load_file() call.
+
+ See https://github.com/curl/curl/issues/2724
+
13.11 Support intermediate & root pinning for PINNEDPUBLICKEY
CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root