On Fri, Jul 12, 2013 at 05:33:26PM +0200, Patrick Monnerat wrote:
> Please find a big patch in attachment: 138KB.

Yup. Any chance of splitting it into at least two parts, the OS400 stuff and
everything else?

> It implements a new SSL backend: GSKit. It runs on OS400, but IBM
> supports it on other platforms too.
>
> Aside of it, this patch also prepares support of CURLINFO_CERTINFO for
> every SSL backend able to provide peer certificate and/or chain in DER
> format. This has been done by some code factorisation:
>
> - init_certinfo(), push_certinfo*() have been moved to sslgen.c

Sounds good!

> - a new module x509asn1.c implements very lightweight ASN.1 and X509
> parsers, with functions to generate the certinfo from DER certificates.
> These are now already used (in the patch) by the QsoSSL and GSKit SSL
> backends, and may be easily called from other backends not implementing
> certinfo yet.

I'm a bit hesitant about this part. It seems that more and more X.509/TLS
stuff is slowly finding its way into curl itself. The ASN.1 code especially
seems to me to be the kind of thing that should be in a cross-platform
library of some sort that curl can depend on instead. That kind of parsing
code is the kind that's hard to get completely right from a security
standpoint.

>>> Dan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
