On Fri, 10 Dec 2010, Hu, Eric wrote:
> So, even though axTLS is still failing some https tests, is this good enough
> for now?

Since the impact is very small on non-axTLS parts I think it is good enough to
get pushed - after the pending release (planned to happen on Thursday).
Functionality wise, axTLS doesn't like my ca cert bundle so whatever site I
try I can't get axTLS to play with me. See below, but the exact site doesn't
seem to matter:
$ ./src/curl https://www.sf.net/ -1 -v -k
* About to connect() to www.sf.net port 443 (#0)
* Trying 216.34.181.60... connected
* Connected to www.sf.net (216.34.181.60) port 443 (#0)
Error: Invalid X509 ASN.1 file
* error reading ca cert file /etc/ssl/certs/ca-certificates.crt
* Curl_axtls_close
Error: No trusted cert is available
* Closing connection #0
* Curl_axtls_close
* Curl_axtls_close
* Curl_axtls_close
* SSL peer certificate or SSH remote key was not OK
curl: (51) SSL peer certificate or SSH remote key was not OK
* Curl_axtls_close_all
(The ca cert is the one Debian unstable ships and it should be fine as it
works with OpenSSL and GnuTLS etc.)

> I could probably put together an axTLS patch for tests 311 and 312. Adding
> CRL for test 313 and getting axTLS working with multi (test 560) aren't so
> straightforward (at least not to me at the moment), though given enough
> time, I could probably sort them out.

Hopefully others can also join in and help smoothen the remaining rough edges
once there's basic support added.
--
/ daniel.haxx.se