diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2012-08-07 14:48:34 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2012-08-07 14:48:34 +0200 |
| commit | 013d043d226913b14ff2c2034346832994bcab11 (patch) | |
| tree | 2bb9fb4bb9bbe34b9cef9fee8a28410322ee3ff5 /docs/TODO | |
| parent | 382429e7601de68564f08a88cc867dbcd6e2556a (diff) | |
TODO: support DANE, we already support gnutls without gcrypt
Diffstat (limited to 'docs/TODO')
| -rw-r--r-- | docs/TODO | 19 |
1 files changed, 8 insertions, 11 deletions
@@ -55,11 +55,11 @@ 7.6 Provide callback for cert verification 7.7 Support other SSL libraries 7.9 improve configure --with-ssl + 7.10 Support DANE 8. GnuTLS 8.1 SSL engine stuff 8.3 check connection - 8.4 non-gcrypt 9. SMTP 9.1 Specify the preferred authentication mechanism @@ -355,6 +355,13 @@ to provide the data to send. make the configure --with-ssl option first check for OpenSSL, then GnuTLS, then NSS... +7.10 Support DANE + + DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL + keys and certs over DNS using DNSSEC as an alternative to the CA model. + http://www.rfc-editor.org/rfc/rfc6698.txt + + 8. GnuTLS 8.1 SSL engine stuff @@ -366,16 +373,6 @@ to provide the data to send. Add a way to check if the connection seems to be alive, to correspond to the SSL_peak() way we use with OpenSSL. -8.4 non-gcrypt - - libcurl assumes that there are gcrypt functions available when - GnuTLS is. - - GnuTLS can be built to use libnettle instead as crypto library, - which breaks the previously mentioned assumption - - The correct fix would be to detect which crypto layer that is in use and - adapt our code to use that instead of blindly assuming gcrypt. 9. SMTP |