Hi, I am using ocaml-ssl for a project. Though it is not a lot advertized on your main website, I got it from your Sourceforge files section, so I guess you are the maintainers (note that I also doubted because the Caml Hump, first link in a Google search for "ocaml-ssl", list a now dead link for the ocaml-ssl project. You might want to update this! :-).
Anyway I was wondering if you were planning to make significant improvement on this binding or this is too low a priority (I can see you have quite a huge list of modules to maintain indeed!). Limitations are found in particular on the certificate validation part which is not very flexible. For instance when it is not validated automatically by the library, I want to provide useful data to the user in order to allow him to manually validate or refuse a certificate. But the current binding simply has not all this part: 1/ the error is returned in an unprocessed integer form (I had to map values with "man 1 verify". Without this, you cannot do much). 2/ The only 2 fields I can get on the cert through ocaml-ssl are the issuer and the subject. I would like to have the expiration date, the start date or other fields (because as a user, when a cert is expired from just today, but is good otherwise, I would say that for a non-highly sensible website, I would say ok, but not a cert expired for 3 years for instance!)... 3/ Also the verify_callback with the following warning: "Warning: this might change in the future."... I would actually like for it to change, because in its current form, I don't really see what we can do with it! It is a private type with no construction function. We are stuck with the only one defined callback (or there is something I didn't get in how to use this). So here I am... just wondering if you have plans for ocaml-ssl, which otherwise works nice. I had a few workarounds so I have been able to bypass some of the current limitations of the current API to give users the possibility to accept a problematic cert, but some data like dates would be really nice too (being able to get all the fields without restriction would be even better). :-) Thanks. Jehan ------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d _______________________________________________ Savonet-devl mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/savonet-devl
