| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-03-21 | tests/certs: rebuild certificates with modified key usage bits | Dan Fandrich | |
| The certificates were missing the digitalSignature and keyAgreement usage types, of which at least digitalSignature was checked by CyaSSL. This caused the test server in test 310 (among others) to fail the startup verification and therefore run (see http://curl.haxx.se/mail/lib-2014-07/0303.html). | |||
| 2014-10-07 | SSL: implement public key pinning | moparisthebest | |
| Option --pinnedpubkey takes a path to a public key in DER format and only connect if it matches (currently only implemented with OpenSSL). Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt(). Extract a public RSA key from a website like so: openssl s_client -connect google.com:443 2>&1 < /dev/null | \ sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \ | openssl rsa -pubin -outform DER > google.com.der | |||
 |
index : curl | |
| cURL mirror with patches applied | Ben |
| aboutsummaryrefslogtreecommitdiff |