--pinnedpubkey for unsupported TLS backends #781

Closed
bagder opened this issue Apr 27, 2016 · 2 comments
bagder (Member) commented Apr 27, 2016

I did this

Used --pinnedpubkey with curl built with a TLS backend without support for it. But it doesn't complain on bad keys.

I expected the following

It needs to warn or error out when the option is used without support in libcurl so that the problem is not silently ignored.

Ray's initial patch for this

Also see this additional gskit patch

I'm assigning you Jay since you were on track on this before. Let me know if you're not fine with that, then I can take over instead.

cc: @moparisthebest

bagder added the SSL/TLS label Apr 27, 2016

moparisthebest (Contributor) commented Apr 27, 2016

I'll paste and update this from my mailing list email as well:

these backend implementations are unsupported:

axtls.c - looks unlikely to ever be supported after glance at docs
darwinssl.c - stalled
schannel.c - Ray said someone was working on this? who/where?

and these have partial support:

cyassl.c only support #ifdef KEEP_PEER_CERT
gskit.c only support pem/der, needs curlssl_sha256sum defined for hash support

of course that leaves these with full support:

gtls.c
mbedtls.c
nss.c
openssl.c
polarssl.c

bagder assigned bagder and unassigned jay May 1, 2016
bagder added a commit that referenced this issue May 1, 2016
to make it obvious to users trying to use the feature with TLS backends
not supporting it.

Discussed in #781
Reported-by: Travis Burtrum

bagder (Member, Author) commented May 1, 2016

Committed a fix for this in commit 283babf. Please try it out and see if there's anything missing now.

bagder closed this May 2, 2016
lock bot locked as resolved and limited conversation to collaborators May 7, 2018
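
A way to test a curl build for the failure reported in this issue, as an added example that is not from the thread or from curl's source: run the binary against an HTTPS URL with a pin that cannot match and read the exit status. The function name, the constructed all-zero pin and the URL argument are assumptions of this example; exit code 90 is curl's documented code for a pinned public key mismatch.

```shell
#!/usr/bin/env bash
# Canary check (added example): does this curl build enforce --pinnedpubkey?
# Usage: pin_enforced <curl-binary> <https-url>
# Returns 0 = enforced, 1 = pin silently ignored, 2 = inconclusive.

# Constructed pin that no real key can match: base64 of 32 zero bytes
# (43 'A' characters plus one '=' pad), in curl's sha256// pin syntax.
A10=AAAAAAAAAA
BOGUS_PIN="sha256//${A10}${A10}${A10}${A10}AAA="

pin_enforced() {
    local curl_bin=$1 url=$2 rc=0

    # Discard the body; only the exit status matters here.
    "$curl_bin" --silent --output /dev/null --max-time 15 \
        --pinnedpubkey "$BOGUS_PIN" "$url" || rc=$?

    case $rc in
        90) # pinned public key mismatch: the backend checked the pin
            echo "enforced: transfer rejected on pin mismatch (exit 90)"
            return 0 ;;
        0)  # the behaviour this issue reports: bad key, no complaint
            echo "NOT enforced: transfer succeeded despite a bogus pin"
            return 1 ;;
        *)  # option refused, DNS/connect/TLS failure, timeout, ...
            echo "inconclusive: curl exit $rc"
            return 2 ;;
    esac
}

# Run directly as: ./pin_canary.sh /usr/bin/curl https://host.you.operate/
if [ "$#" -eq 2 ]; then
    pin_enforced "$@"
fi
```

Point it at an HTTPS endpoint you operate, and treat an inconclusive result as a reason to read curl's error output rather than as a pass.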