Hello all,

On 10/10/2014 02:08 PM, Patrick Monnerat wrote:
> 4) I would like to split the backend-specific pkp_pin_peer_pubkey() (of
> openssl and gtls) into a backend-specific part that gets the key from
> the certificate and a generic part cooking the pinned public key and
> comparing: this would avoid repeating the PPK cooking in each backend.
> Any objection?
>
> 5) The misunderstanding I made 2 days ago about PPK inspired me the
> following possible improvement. If the PPK file does not exist, the
> curl_easy_setopt() string is checked for being a PEM public key (direct
> data). In addition, the file data is checked for PEM format. Else it
> behaves as today (DER).

I don't think you can do both 4 and 5, the read-der-file-into-memory-and-compare code is the same across openssl/gnutls because the der format is basically just the raw format, so if we only want to support der, it should be split into a separate method shared across both backends. But if we are going to support PEM, or hashes, or anything else in the future, that will have to be handled with different crypto methods in each backend.

Also I think it'd be great to support the PEM format in addition to DER, and I agree that the current option should be able to detect which format the file is in, but I also agree with bagder that direct data should be a different option entirely.

Thanks much for reviewing that code, looking forward to more discussions/patches on it!

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
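Added example, not part of the original message and not curl's code: one way the format detection discussed above could be done without a crypto backend, by normalising a pin file to DER (decoding it when it carries the PEM "PUBLIC KEY" armour) and then doing the byte comparison. The names pin_to_der() and pin_matches() are hypothetical, and the sample bytes are constructed, not a real key.

```c
#include <stddef.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN PUBLIC KEY-----"
#define PEM_END   "-----END PUBLIC KEY-----"
static const char B64[] =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/* Constructed sample (not a real key): 5 bytes, raw and PEM-armoured. */
static const unsigned char sample_der[] = { 0x30, 0x03, 0x01, 0x02, 0x03 };
static const char sample_pem[] = PEM_BEGIN "\nMAMBAgM=\n" PEM_END "\n";

static int b64val(int c)
{
  const char *p = c ? strchr(B64, c) : NULL;
  return p ? (int)(p - B64) : -1;
}

/* Pin -> DER: decode if PEM-armoured, else copy as raw DER; -1 on error. */
long pin_to_der(const char *in, size_t inlen, unsigned char *out, size_t max)
{
  const size_t blen = sizeof(PEM_BEGIN) - 1, elen = sizeof(PEM_END) - 1;
  const char *p, *end = in + inlen;
  size_t n = 0; unsigned int acc = 0;
  int bits = 0, pad = 0, v = 0;
  if(inlen < blen || memcmp(in, PEM_BEGIN, blen)) {   /* no header: raw DER */
    if(inlen > max) return -1;
    memcpy(out, in, inlen);
    return (long)inlen;
  }
  for(p = in + blen; p < end && *p != '-'; p++) {
    if(*p == '\r' || *p == '\n') continue;
    if(*p == '=') { pad = 1; continue; }
    if(pad || n >= max || (v = b64val(*p)) < 0) return -1;  /* junk/overflow */
    acc = (acc << 6) | (unsigned int)v;
    if((bits += 6) >= 8) out[n++] = (unsigned char)(acc >> (bits -= 8));
  }
  if((size_t)(end - p) < elen || memcmp(p, PEM_END, elen)) return -1;
  return (long)n;
}

/* 1 if the peer's DER public key equals the pin, whichever format it is in. */
int pin_matches(const char *pin, size_t plen, const unsigned char *key, size_t klen)
{
  unsigned char der[1024];
  long n = pin_to_der(pin, plen, der, sizeof(der));
  return n >= 0 && (size_t)n == klen && memcmp(der, key, klen) == 0;
}

int main(void) { return !pin_matches(sample_pem, sizeof(sample_pem) - 1, sample_der, sizeof(sample_der)); }
```

Extracting the peer's key from the certificate remains backend-specific; only the pin normalisation and comparison shown here are generic.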
