aboutsummaryrefslogtreecommitdiff
path: root/docs/TODO
diff options
context:
space:
mode:
Diffstat (limited to 'docs/TODO')
-rw-r--r--docs/TODO19
1 files changed, 8 insertions, 11 deletions
diff --git a/docs/TODO b/docs/TODO
index 02464ebe0..30c0a64ab 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -55,11 +55,11 @@
7.6 Provide callback for cert verification
7.7 Support other SSL libraries
7.9 improve configure --with-ssl
+ 7.10 Support DANE
8. GnuTLS
8.1 SSL engine stuff
8.3 check connection
- 8.4 non-gcrypt
9. SMTP
9.1 Specify the preferred authentication mechanism
@@ -355,6 +355,13 @@ to provide the data to send.
make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
then NSS...
+7.10 Support DANE
+
+ DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL
+ keys and certs over DNS using DNSSEC as an alternative to the CA model.
+ http://www.rfc-editor.org/rfc/rfc6698.txt
+
+
8. GnuTLS
8.1 SSL engine stuff
@@ -366,16 +373,6 @@ to provide the data to send.
Add a way to check if the connection seems to be alive, to correspond to the
SSL_peak() way we use with OpenSSL.
-8.4 non-gcrypt
-
- libcurl assumes that there are gcrypt functions available when
- GnuTLS is.
-
- GnuTLS can be built to use libnettle instead as crypto library,
- which breaks the previously mentioned assumption
-
- The correct fix would be to detect which crypto layer that is in use and
- adapt our code to use that instead of blindly assuming gcrypt.
9. SMTP