Hi everyone, this week I finally had time to implement some test cases for the TLS proxy support added a while ago [1].
I now consider TLS proxy functional, though there's still room for improvement: Checking the validity of the server certificate using OCSP or CRLs would be good. However, neither of these is available for client authentication, so I suppose my additions are at least on par with preexisting code there. ;-) While writing the proxy tests, I also improved the test suite and got rid of the foreground sleep calls (well, almost - if you compile with MSVA support, there'll be one) in favor of proper locking and background waits, which massively speeds up the test suite. As usual, feedback and patches are welcome. And by the way, my security patch for TLS client auth made it into Debian (and probably other distributions) a few weeks ago [2]. :-) Regards, Thomas [1] https://github.com/airtower-luna/mod_gnutls/commits/tls-proxy [2] https://www.debian.org/security/2015/dsa-3177 _______________________________________________ mod_gnutls-devel mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/mod_gnutls-devel
