For the sake of Fedora/Red Hat users like me whose libcurl is NSS-linked, +1 on making certinfo more abstract.
On Fri, Jul 12, 2013 at 8:33 AM, Patrick Monnerat <[email protected]> wrote: > > Please find a big patch in attachment: > > It implements a new SSL backend: GSKit. It runs on OS400, but IBM > supports it on other platforms too. > > Aside of it, this patch also prepares support of CURLINFO_CERTINFO for > every SSL backend able to provide peer certificate and/or chain in DER > format. This has been done by some code factorisation: > > - init_certinfo(), push_certinfo*() have been moved to sslgen.c > - a new module x509asn1.c implements very lightweight ASN.1 and X509 > parsers, with functions to generate the certinfo from DER certificates. > These are now already used (in the patch) by the QsoSSL and GSKit SSL > backends, and may be easily called from other backends not implementing > certinfo yet. > > The only info fields left TODO are the X509 V3 extensions. > > The internal function Curl_slist_append_nodup() has been implemented and > used wherever needed. > > > OS400 users will now have the ability to get CURLINFO_* slists in > EBCDIC, including certinfo. > > The advantages of GSKit over QsoSSL are: > - Not limited to a single SSL keyring per job: each connection may have > its own SSL environment. > - Reentrant. > - Asynchronous handshake. > - Cipher control. > - SNI support (on OS400 version >= 7.1). > - QsoSSL is obsolescent. > > Your comments are welcome. If nobody objects, I'll commit it in a few > days. > > Good week-end to all of you, > Patrick > > ------------------------------------------------------------------- > List admin: http://cool.haxx.se/list/listinfo/curl-library > Etiquette: http://curl.haxx.se/mail/etiquette.html -- David Strauss | [email protected] | +1 512 577 5827 [mobile] ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
