On Mon, 23 Aug 2010, Paul Bakker wrote:
> > But I really don't know how popular the ecdsa-with-SHA384 algorithm is in
> > the wild, or how much effort it would be to implement, so if nobody
> > responds here within a few days I will pass the info on to the polarssl
> > mailing list.
>
> ECDSA signatures are indeed not supported at this moment in PolarSSL. Most
> likely they will be in the 'near' future. But no specific timeline has been
> made yet. ECDSA will be 'optional' to conserve on space when required.

Perhaps it would make better sense for PolarSSL to simply ignore such
certificates then rather than to fail this way? AFAIK, our "caextract" service
is quite popular and since this cert in question is used by Firefox I figure
quite a lot of users are likely to end up with this cert in their cabundle and
thus they will get this problem.
(And no, I haven't really considered all the side effects a mere ignore would
cause so please forgive my ignorance if it's a really bad idea.)
--
/ daniel.haxx.se