From 013d043d226913b14ff2c2034346832994bcab11 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 7 Aug 2012 14:48:34 +0200 Subject: TODO: support DANE, we already support gnutls without gcrypt --- docs/TODO | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) (limited to 'docs/TODO') diff --git a/docs/TODO b/docs/TODO index 02464ebe0..30c0a64ab 100644 --- a/docs/TODO +++ b/docs/TODO @@ -55,11 +55,11 @@ 7.6 Provide callback for cert verification 7.7 Support other SSL libraries 7.9 improve configure --with-ssl + 7.10 Support DANE 8. GnuTLS 8.1 SSL engine stuff 8.3 check connection - 8.4 non-gcrypt 9. SMTP 9.1 Specify the preferred authentication mechanism @@ -355,6 +355,13 @@ to provide the data to send. make the configure --with-ssl option first check for OpenSSL, then GnuTLS, then NSS... +7.10 Support DANE + + DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL + keys and certs over DNS using DNSSEC as an alternative to the CA model. + http://www.rfc-editor.org/rfc/rfc6698.txt + + 8. GnuTLS 8.1 SSL engine stuff @@ -366,16 +373,6 @@ to provide the data to send. Add a way to check if the connection seems to be alive, to correspond to the SSL_peak() way we use with OpenSSL. -8.4 non-gcrypt - - libcurl assumes that there are gcrypt functions available when - GnuTLS is. - - GnuTLS can be built to use libnettle instead as crypto library, - which breaks the previously mentioned assumption - - The correct fix would be to detect which crypto layer that is in use and - adapt our code to use that instead of blindly assuming gcrypt. 9. SMTP -- cgit v1.2.3
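Review bot: the new 7.10 body text in the second hunk (@@ -355,6 +355,13 @@) says what DANE is but not what libcurl should do about it, unlike the 7.9 entry just above it, which states the action ("make the configure --with-ssl option first check for OpenSSL, then GnuTLS, then NSS..."). Suggest adding a sentence naming the work item, for example that libcurl would need a way to obtain DNSSEC-validated TLSA records for the host and check the certificate from the TLS handshake against them. The phrase "provide SSL keys and certs over DNS" is also loose: per the RFC 6698 text the entry links to, a TLSA record holds a certificate or public key, or a hash of one, that the presented certificate is matched against. Since the entry is about authentication, the reference would be better given as an https URL.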
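Review bot: the third hunk (@@ -366,16 +373,6 @@) drops the whole 8.4 non-gcrypt item, and the only justification is the second half of the subject line; the commit message has no body and names no change that made libcurl stop assuming gcrypt. Suggest adding a line to the message that points at the commit or release where the crypto layer detection landed, or splitting the removal into its own commit so the DANE addition and the GnuTLS cleanup can be tracked separately. The removal also leaves section 8 listing only 8.1 and 8.3 in the index touched by the first hunk, so a short note on whether item numbers are meant to stay stable after deletions would help. While this area is being edited, the unchanged context line "SSL_peak() way we use with OpenSSL" has a typo: the OpenSSL function is SSL_peek().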