author | Daniel Stenberg <daniel@haxx.se> | 2018-02-18 22:45:17 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-02-18 22:45:17 +0100 |
commit | a3e52a7b2d81f1533adb23e69daf8db299ab2568 (patch) | |
tree | 4d406d00875e5862306f37c9c04ef75fe6bbf9bf | |
parent | 174212972c5d508cf54664f97217d5fe63134490 (diff) |
TODO: "Support in-memory certs/ca certs/keys"
removed SSLKEYLOGFILE support (fixed)
removed "consider SSL patches" (outdated)
Closes #2310
-rw-r--r-- | docs/TODO | 22 |
1 files changed, 7 insertions, 15 deletions
@@ -106,13 +106,12 @@ 13. SSL 13.1 Disable specific versions 13.2 Provide mutex locking API - 13.3 Evaluate SSL patches + 13.3 Support in-memory certs/ca certs/keys 13.4 Cache/share OpenSSL contexts 13.5 Export session ids 13.6 Provide callback for cert verification 13.7 improve configure --with-ssl 13.8 Support DANE - 13.10 Support SSLKEYLOGFILE 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY 13.12 Support HSTS 13.13 Support HPKP @@ -715,10 +714,13 @@ that doesn't exist on the server, just like --ftp-create-dirs. library, so that the same application code can use mutex-locking independently of OpenSSL or GnutTLS being used. -13.3 Evaluate SSL patches +13.3 Support in-memory certs/ca certs/keys - Evaluate/apply Gertjan van Wingerde's SSL patches: - https://curl.haxx.se/mail/lib-2004-03/0087.html + You can specify the private and public keys for SSH/SSL as file paths. Some + programs want to avoid using files and instead just pass them as in-memory + data blobs. There's probably a challenge to make this work across the + plethory of different TLS and SSH backends that curl suppports. + https://github.com/curl/curl/issues/2310 13.4 Cache/share OpenSSL contexts 
@@ -770,16 +772,6 @@ that doesn't exist on the server, just like --ftp-create-dirs. Björn Stenberg wrote a separate initial take on DANE that was never completed. -13.10 Support SSLKEYLOGFILE - - When used, Firefox and Chrome dumps their master TLS keys to the file name - this environment variable specifies. This allows tools like for example - Wireshark to capture and decipher TLS traffic to/from those clients. libcurl - could be made to support this more widely (presumably this already works when - built with NSS). Peter Wu made a OpenSSL preload to make possible that can be - used as inspiration and guidance - https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/sslkeylog.c - 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root |
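Review bot: in the hunk at -715, the new 13.3 paragraph has two typos, "plethory" (should be "plethora") and "suppports" (should be "supports"). The heading also promises "certs/ca certs/keys", while the body only mentions "the private and public keys for SSH/SSL", so add a sentence covering client certificates and CA certificates or narrow the heading to match. It would also help to say in one clause why a program wants to avoid files here (for example, so private key material never has to be written to disk), since that is the motivation a later implementer will need.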
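Review bot: in the hunk at -770, deleting 13.10 drops the description of what SSLKEYLOGFILE does (the client writes its TLS master keys to the named file so that a tool such as Wireshark can decipher captured traffic). Since the commit message marks the item as fixed, check that the user-facing documentation for the feature carries an equivalent description, including that the file contains key material that decrypts sessions. The index hunk at -106 now jumps from 13.8 to 13.11; that is fine if the file's convention is to keep item numbers stable after removals, but worth confirming, since 13.9 was already absent.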