Configurable loading of OpenSSL configuration file #2724
Comments
Thanks, but this description sounds as if you're asking for a new feature/change. We use this tracker for bugs and issues only, we put ideas to work on in the future in the TODO document. We basically drown in good ideas so they don't do much use in our tracker. If you really want to see this happen, start working on an implementation and submit a PR for it or join the mailing list and talk up more interest for it and see what help from others you can get!
That sounds quite understandable and fair. Thank you for your explanation!
Sometimes it may be considered a security risk to load an external OpenSSL configuration automatically inside curl_global_init(). The configuration option --disable-ssl-auto-load-config disables this automatism. The Windows build scripts winbuild/Makefile.vs provide a corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean value. Setting neither of these options corresponds to the previous behavior loading the external OpenSSL configuration automatically. Implements feature request curl#2724
Sometimes it may be considered a security risk to load an external OpenSSL configuration automatically inside curl_global_init(). The configuration option --disable-ssl-auto-load-config disables this automatism. The Windows build scripts winbuild/Makefile.vs provide a corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean value. Setting neither of these options corresponds to the previous behavior loading the external OpenSSL configuration automatically. Fixes #2724 Closes #2791
The libcurl library calls the OpenSSL function CONF_modules_load_file() in openssl.c, Curl_ossl_init(). This is obviously a good idea for freely configurable clients like curl in order to allow the users to tweak the underlying OpenSSL configuration. In our case this is rather undesirable: Our client is tightly coupled with a fixed server with a given TLS-configuration. We regard any changes in the OpenSSL configuration as a security risk or at least as unnecessary.

Feature-Request: Please add a configuration switch or something similar to disable the CONF_modules_load_file() call.
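One way to confirm on Linux that a given build no longer reads the OpenSSL configuration at startup, as an added example that is not part of this thread or of curl's code: point the OPENSSL_CONF environment variable at a sentinel file and look for a successful open of it in an strace log. The function names, the sentinel path and the sample trace lines are constructed for illustration; strace is assumed to be installed.

```shell
#!/bin/sh
# Added example: detect whether a program opened the OpenSSL configuration
# file named by OPENSSL_CONF. Helper names and paths are illustrative.

# config_opened TRACE CONF
# Exit 0 if the strace log TRACE records a successful open()/openat() of CONF.
config_opened() {
    trace=$1 conf=$2
    # Keep only lines naming the exact path, then require an open call whose
    # return value is a file descriptor (failed opens end in "-1 ENOENT ...").
    grep -F -e "\"$conf\"" "$trace" |
        grep -Eq '(^|[^a-z_])open(at)?\(.*\) = [0-9]+$'
}

# trace_startup TRACE CONF CMD [ARGS...]
# Run CMD under strace with OPENSSL_CONF set to CONF, logging file syscalls.
trace_startup() {
    trace=$1 conf=$2
    shift 2
    OPENSSL_CONF=$conf strace -f -e trace=file -o "$trace" "$@" >/dev/null 2>&1
}

# verdict TRACE CONF
# Print "loaded" or "not-loaded" for use in build or CI checks.
verdict() {
    if config_opened "$1" "$2"; then
        echo loaded
    else
        echo not-loaded
    fi
}

# Constructed strace lines (not captured from a real run), used for testing
# the parser offline.
SAMPLE_AUTOLOAD='1234 openat(AT_FDCWD, "/tmp/sentinel.cnf", O_RDONLY) = 3'
SAMPLE_OTHER='1234 openat(AT_FDCWD, "/etc/ssl/certs/ca-certificates.crt", O_RDONLY) = 3'
SAMPLE_MISSING='1234 openat(AT_FDCWD, "/tmp/sentinel.cnf", O_RDONLY) = -1 ENOENT (No such file or directory)'

# Usage against a real build (paths are examples):
#   : > /tmp/sentinel.cnf
#   trace_startup /tmp/curl.trace /tmp/sentinel.cnf ./src/curl --version
#   verdict /tmp/curl.trace /tmp/sentinel.cnf
```

A "loaded" verdict on a build configured with --disable-ssl-auto-load-config means some other code path in the process is still reading the file, which is worth tracking down before relying on the option.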