aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJay Satiro <raysatiro@yahoo.com>2019-01-29 00:33:14 -0500
committerJay Satiro <raysatiro@yahoo.com>2019-01-29 00:33:14 -0500
commit3de607415c4e54206e33f677cfdc225cd1256357 (patch)
treeff3d3909d8d610f8d2819f6a25b1db63124b5f64
parenta9d9a3abbec55ad80d615db4cd74218067df2c33 (diff)
TODO: WinSSL: 'Add option to disable client cert auto-send'
By default WinSSL selects and send a client certificate automatically, but for privacy and consistency we should offer an option to disable the default auto-send behavior. Reported-by: Jeroen Ooms Closes https://github.com/curl/curl/issues/2262
-rw-r--r--docs/TODO14
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/TODO b/docs/TODO
index 64efef4f4..323bbb771 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -126,6 +126,7 @@
15. WinSSL/SChannel
15.1 Add support for client certificate authentication
15.3 Add support for the --ciphers option
+ 15.4 Add option to disable client certificate auto-send
16. SASL
16.1 Other authentication mechanisms
@@ -876,6 +877,19 @@ that doesn't exist on the server, just like --ftp-create-dirs.
- Specifying Schannel Ciphers and Cipher Strengths
https://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx
+15.4 Add option to disable client certificate auto-send
+
+ Microsoft says "By default, Schannel will, with no notification to the client,
+ attempt to locate a client certificate and send it to the server." That could
+ be considered a privacy violation and unexpected.
+
+ Some Windows users have come to expect that default behavior and to change the
+ default to make it consistent with other SSL backends would be a breaking
+ change. An option should be added that can be used to disable the default
+ Schannel auto-send behavior.
+
+ https://github.com/curl/curl/issues/2262
+
16. SASL
16.1 Other authentication mechanisms