I just looked at the last updates to the vtls/* code and this makes me wonder about the following things: 1) QsoSSL is obsolete. I propose to remove it completely from the code. Runs only on AS/400 where GSKit is always available and much better in many senses. In addition, it's hard to make it evolve. Any objection ? 2) In Curl_ssl_random(), I propose to return -1 if curlssl_random is not defined. 3) I can understand the backend-specific md5sum function (i.e.: for speed purpose), but we already have our own implementation and it would be wise to use it, at least when have_curlssl_md5sum is not defined. In addition, ifdefs on have_curlssl_md5sum can be replaced by ifdefs on curlssl_md5sum. Your opinion ?
4) I would like to split the backend-specific pkp_pin_peer_pubkey() (of openssl and gtls) into a backend-specific part that gets the key from the certificate and a generic part cooking the pinned public key and comparing: this would avoid repeating the PPK cooking in each backend. Any objection ? 5) The misunderstanding I make 2 days ago about PPK inspired me the following possible improvement. If the PPK file does not exist, the curl_easy_setopt() string is checked for being a PEM public key (direct data). In addition, the file data is checked for PEM format. Else it behaves has today (DER). Of course, all these changes can be delayed after the feature freeze... Good week-end to everyone. Patrick ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
