author | Daniel Stenberg <daniel@haxx.se> | 2018-07-10 10:57:20 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-07-10 10:57:20 +0200 |
commit | d3bd7cb388f631c16a35c1c631f0dbd0879389fc (patch) | |
tree | aba44b4bb048162278a2d2d5e5a48c20d5177197 | |
parent | 522236f55eea7a15571317bd6fcccc4abff8fe8c (diff) |
TODO: Configurable loading of OpenSSL configuration file
Closes #2724
-rw-r--r-- | docs/TODO | 12 |
1 files changed, 12 insertions, 0 deletions
@@ -112,6 +112,7 @@ 13.6 Provide callback for cert verification 13.7 improve configure --with-ssl 13.8 Support DANE + 13.9 Configurable loading of OpenSSL configuration file 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY 13.12 Support HSTS 13.13 Support HPKP @@ -767,6 +768,17 @@ that doesn't exist on the server, just like --ftp-create-dirs. Björn Stenberg wrote a separate initial take on DANE that was never completed. +13.9 Configurable loading of OpenSSL configuration file + + libcurl calls the OpenSSL function CONF_modules_load_file() in openssl.c, + Curl_ossl_init(). "We regard any changes in the OpenSSL configuration as a + security risk or at least as unnecessary." + + Please add a configuration switch or something similar to disable the + CONF_modules_load_file() call. + + See https://github.com/curl/curl/issues/2724 + 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root |
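Review bot: In the second hunk (the new 13.9 section in docs/TODO), the quoted sentence "We regard any changes in the OpenSSL configuration as a security risk or at least as unnecessary." carries no attribution, so a reader of the TODO file cannot tell who "We" is or whether this is the project's position. Suggest naming the source of the quote next to it, or restating the concern in the document's own voice, and saying in one sentence what about the loaded configuration is considered risky, since the entry currently gives only the conclusion. The next paragraph, "Please add a configuration switch or something similar", reads as a request addressed to the maintainers rather than a TODO item; it would be clearer as a description of the work, stating whether the switch to skip the CONF_modules_load_file() call in Curl_ossl_init() is meant to be a build-time option, a run-time option, or both.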