diff options
author | Daniel Stenberg <daniel@haxx.se> | 2018-07-28 23:26:42 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-07-28 23:26:42 +0200 |
commit | 1fb8048abb25c211116bb147e2d80e25e47fd1cc (patch) | |
tree | a0dede127e4c093359c8a14ae5e0273f9124c470 /docs/TODO | |
parent | 10061f475e7251d66dd6e76f18c8643381b58965 (diff) |
TODO: Support Authority Information Access certificate extension (AIA)
Closes #2793
Diffstat (limited to 'docs/TODO')
-rw-r--r-- | docs/TODO | 12 |
1 files changed, 12 insertions, 0 deletions
@@ -113,6 +113,7 @@ 13.7 improve configure --with-ssl 13.8 Support DANE 13.9 Configurable loading of OpenSSL configuration file + 13.10 Support Authority Information Access certificate extension (AIA) 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY 13.12 Support HSTS 13.13 Support HPKP @@ -779,6 +780,17 @@ that doesn't exist on the server, just like --ftp-create-dirs. See https://github.com/curl/curl/issues/2724 +13.10 Support Authority Information Access certificate extension (AIA) + + AIA can provide various things like CRLs but more importantly information + about intermediate CA certificates that can allow validation path to be + fullfilled when the HTTPS server doesn't itself provide them. + + Since AIA is about downloading certs on demand to complete a TLS handshake, + it is probably a bit tricky to get done right. + + See https://github.com/curl/curl/issues/2793 + 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root |